From: chenjie <chenjie6@xxxxxxxxxx>
cat /dev/kmem and echo > /dev/kmem will lead panic
Signed-off-by: chenjie <chenjie6@xxxxxxxxxx>
---
drivers/char/mem.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 71025c2..4bdde28 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -412,6 +412,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
* by the kernel or data corruption may occur
*/
kbuf = xlate_dev_kmem_ptr((void *)p);
+ if (!kbuf)
+ return -EFAULT;
if (copy_to_user(buf, kbuf, sz))
return -EFAULT;
@@ -482,6 +484,11 @@ static ssize_t do_write_kmem(unsigned long p, const char __user *buf,
* corruption may occur.
*/
ptr = xlate_dev_kmem_ptr((void *)p);
+ if (!ptr) {
+ if (written)
+ break;
+ return -EFAULT;
+ }
copied = copy_from_user(ptr, buf, sz);
if (copied) {
--
1.8.0
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>