linux_dsm_epyc7002/drivers/char
Robin Murphy 148a1bc843 drivers: char: mem: Check {read,write}_kmem() addresses
Arriving at read_kmem() with an offset representing a bogus kernel
address (e.g. 0 from a simple "cat /dev/kmem") leads to copy_to_user
faulting on the kernel-side read.

x86_64 happens to get away with this since the optimised implementation
uses "rep movs*", thus the user write (which is allowed to fault) and
the kernel read are the same instruction, the kernel-side fault falls
into the user-side fixup handler and the chain of events which
transpires ends up returning an error as one might expect, even if it's
an inappropriate -EFAULT. On other architectures, though, the read is
not covered by the fixup entry for the write, and we get a big scary
"Unable to hande kernel paging request..." dump.

The more typical use-case of mmap_kmem() has always (within living
memory at least) returned -EIO for addresses which don't satisfy
pfn_valid(), so let's make that consistent across {read,write}_kem()
too.

Reported-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-31 15:21:18 +02:00
..
agp drm/i915: Add support for mapping an object page by page 2016-06-13 10:03:54 +01:00
hw_random hwrng: omap - Fix assumption that runtime_get_sync will always succeed 2016-06-27 16:57:49 +08:00
ipmi Merge branch 'i2c/for-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2016-07-27 14:19:25 -07:00
mwave char/mwave: remove custom BOOLEAN type 2016-08-31 14:22:49 +02:00
pcmcia TTY and Serial driver update for 4.7-rc1 2016-05-20 20:57:27 -07:00
tpm tpm: Add TPM 2.0 support to the Nuvoton i2c driver (NPCT6xx family) 2016-07-19 17:43:38 +03:00
xilinx_hwicap char:xilinx_hwicap:buffer_icap - change 1/0 to true/false for bool type variable in function buffer_icap_set_configuration(). 2015-06-12 16:58:33 -07:00
xillybus char: xillybus: Fix spelling mistake and comment 2016-08-31 14:47:54 +02:00
apm-emulation.c apm-emulation: add hibernation APM events to support suspend2disk 2014-01-07 13:50:28 +01:00
applicom.c applicom: dereferencing NULL on error path 2014-05-27 17:43:12 -07:00
applicom.h
bfin-otp.c miscdevice: Use module_misc_device() macro 2016-08-31 14:12:35 +02:00
bsr.c bsr: avoid format string leaking into device name 2014-07-09 16:59:15 -07:00
ds1302.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ds1620.c ds1620: single_open() leak 2013-05-05 00:11:29 -04:00
dsp56k.c dsp56k: prevent a harmless underflow 2016-07-14 16:21:53 +09:00
dtlk.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
efirtc.c drivers/char: make efirtc.c driver explicitly non-modular 2015-09-20 19:32:35 -07:00
generic_nvram.c don't open-code generic_file_llseek_size() 2015-12-09 13:00:45 -05:00
hangcheck-timer.c hangcheck-timer: cleanup casting in hangcheck_init() 2014-11-07 11:24:01 -08:00
hpet.c hpet: Drop stale URLs 2016-02-17 09:39:56 +01:00
Kconfig RTC for 4.8 2016-08-05 09:48:22 -04:00
lp.c char: Int overflow in lp_do_ioctl(). 2013-12-18 16:39:54 -08:00
Makefile RTC for 4.8 2016-08-05 09:48:22 -04:00
mbcs.c don't open-code generic_file_llseek_size() 2015-12-09 13:00:45 -05:00
mbcs.h
mem.c drivers: char: mem: Check {read,write}_kmem() addresses 2016-08-31 15:21:18 +02:00
misc.c char: make misc_deregister a void function 2015-08-05 10:35:49 -07:00
mmtimer.c drivers/char/mmtimer.c: Remove useless kfree 2012-09-26 13:20:40 -07:00
mspec.c tree wide: use kvfree() than conditional kfree()/vfree() 2016-01-22 17:02:18 -08:00
nsc_gpio.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
nvram.c char/nvram: set array of const as const 2016-02-08 14:57:30 -08:00
nwbutton.c char: nwbutton: avoid unused variable warning 2016-02-09 17:39:56 -08:00
nwbutton.h
nwflash.c new helpers: no_seek_end_llseek{,_size}() 2015-12-23 10:41:31 -05:00
pc8736x_gpio.c pc8736x_gpio: use platform_device_unregister in pc8736x_gpio_cleanup() 2012-10-24 15:52:29 -07:00
powernv-op-panel.c powerpc/powernv: Add driver for operator panel on FSP machines 2016-06-29 17:33:46 +10:00
ppdev.c ppdev: use new parport device model 2016-08-31 14:22:49 +02:00
ps3flash.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
random.c random: Fix crashes with sparse node ids 2016-07-30 21:00:06 -07:00
raw.c drivers: char: raw: Removed unnecessary braces 2016-02-08 14:57:30 -08:00
rtc.c various char drivers: remove deprecated IRQF_DISABLED 2013-10-16 12:36:10 -07:00
scx200_gpio.c
snsc_event.c various char drivers: remove deprecated IRQF_DISABLED 2013-10-16 12:36:10 -07:00
snsc.c snsc: check return value of class_create 2016-08-31 14:47:54 +02:00
snsc.h
sonypi.c char: drop owner assignment from platform_drivers 2014-10-20 16:20:19 +02:00
tb0219.c char: drop owner assignment from platform_drivers 2014-10-20 16:20:19 +02:00
tile-srom.c tile-srom: avoid krealloc(... __GFP_ZERO) pattern 2016-08-30 14:45:50 +02:00
tlclk.c tlclk: remove deprecated IRQF_DISABLED 2013-10-16 12:36:10 -07:00
toshiba.c toshiba laptop: replace ioremap_cache with ioremap 2015-08-05 17:26:00 -07:00
ttyprintk.c char: constify tty_port_operations structs 2016-02-06 23:31:08 -08:00
uv_mmtimer.c
virtio_console.c virtio_console: silence a static checker warning 2015-05-24 12:24:35 -07:00