On Tue, Jan 29, 2019 at 6:38 PM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote: > > Pages which use page_type must never be mapped to userspace as it would > destroy their page type. Add an explicit check for this instead of > assuming that kernel drivers always get this right. > > Signed-off-by: Matthew Wilcox <willy@xxxxxxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees > --- > mm/memory.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/memory.c b/mm/memory.c > index ce8c90b752be..db3534bbd652 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -1451,7 +1451,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, > spinlock_t *ptl; > > retval = -EINVAL; > - if (PageAnon(page) || PageSlab(page)) > + if (PageAnon(page) || PageSlab(page) || page_has_type(page)) > goto out; > retval = -ENOMEM; > flush_dcache_page(page); > -- > 2.20.1 > -- Kees Cook
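Review bot: In the changed condition in insert_page(), the new page_has_type(page) test exits through the same bare `retval = -EINVAL` path as PageAnon() and PageSlab(), with no comment on why typed pages are refused. The commit message gives the reason (mapping the page to userspace would destroy its page type), but nothing in the code does. A one-line comment above the `if` stating this would keep the check from looking arbitrary to later readers. Since the stated goal is to stop assuming that kernel drivers always get this right, it is also worth considering whether the page_has_type() case should be reported (for example with a once-only warning) rather than only returned as -EINVAL, so that an offending driver is identified instead of just seeing a generic failure.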