is_kmap_addr() is only looking at the kmap() address range which may
cause check_heap_object() to miss checking an overflow on a
kmap_local_page() page.

Add a check for the kmap_local_page() address range to is_kmap_addr().

Cc: Matthew Wilcox <willy@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Fabio M. De Francesco" <fmdefrancesco@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
---
include/linux/highmem-internal.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/highmem-internal.h b/include/linux/highmem-internal.h
index e098f38422af..a3028e400a9c 100644
--- a/include/linux/highmem-internal.h
+++ b/include/linux/highmem-internal.h
@@ -152,7 +152,10 @@ static inline void totalhigh_pages_add(long count)
static inline bool is_kmap_addr(const void *x)
{
unsigned long addr = (unsigned long)x;
- return addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP);
+
+ return (addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP)) ||
+ (addr >= __fix_to_virt(FIX_KMAP_END) &&
+ addr < __fix_to_virt(FIX_KMAP_BEGIN));
}
#else /* CONFIG_HIGHMEM */
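Review bot: the second range in the new return statement reads as inverted, with `__fix_to_virt(FIX_KMAP_END)` as the lower bound and `__fix_to_virt(FIX_KMAP_BEGIN)` as the upper one, and nothing in the code says why. It holds only if the fixmap enum is mapped from the top down, so that a higher index means a lower address; please add a one-line comment to that effect above the return. Also worth confirming: if `__fix_to_virt()` returns the base address of a slot, the strict `addr < __fix_to_virt(FIX_KMAP_BEGIN)` leaves out the page that belongs to FIX_KMAP_BEGIN itself, in which case the upper bound would need to be one page higher.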
--
2.39.1
On Fri, Feb 03, 2023 at 08:06:32PM -0800, Ira Weiny wrote: > is_kmap_addr() is only looking at the kmap() address range which may > cause check_heap_object() to miss checking an overflow on a > kmap_local_page() page. > > Add a check for the kmap_local_page() address range to is_kmap_addr(). > > Cc: Matthew Wilcox <willy@infradead.org> > Cc: Al Viro <viro@zeniv.linux.org.uk> > Cc: "Fabio M. De Francesco" <fmdefrancesco@gmail.com> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Christoph Hellwig <hch@lst.de> > Cc: Andrew Morton <akpm@linux-foundation.org> > Signed-off-by: Ira Weiny <ira.weiny@intel.com> > --- > include/linux/highmem-internal.h | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > Added to https://git.linaro.org/people/jens.wiklander/linux-tee.git/log/?h=get_kernel_pages-for-v6.4 Thanks, Jens > diff --git a/include/linux/highmem-internal.h b/include/linux/highmem-internal.h > index e098f38422af..a3028e400a9c 100644 > --- a/include/linux/highmem-internal.h > +++ b/include/linux/highmem-internal.h > @@ -152,7 +152,10 @@ static inline void totalhigh_pages_add(long count) > static inline bool is_kmap_addr(const void *x) > { > unsigned long addr = (unsigned long)x; > - return addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP); > + > + return (addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP)) || > + (addr >= __fix_to_virt(FIX_KMAP_END) && > + addr < __fix_to_virt(FIX_KMAP_BEGIN)); > } > #else /* CONFIG_HIGHMEM */ > > > -- > 2.39.1
On Fri, 03 Feb 2023 20:06:32 -0800 Ira Weiny <ira.weiny@intel.com> wrote:
> is_kmap_addr() is only looking at the kmap() address range which may
> cause check_heap_object() to miss checking an overflow on a
> kmap_local_page() page.
>
> Add a check for the kmap_local_page() address range to is_kmap_addr().

Acked-by: Andrew Morton <akpm@linux-foudation.org>
On Fri, Feb 03, 2023 at 08:06:32PM -0800, Ira Weiny wrote: > - return addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP); > + > + return (addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP)) || > + (addr >= __fix_to_virt(FIX_KMAP_END) && > + addr < __fix_to_virt(FIX_KMAP_BEGIN)); Isn't the second check inverted?
Christoph Hellwig wrote: > On Fri, Feb 03, 2023 at 08:06:32PM -0800, Ira Weiny wrote: > > - return addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP); > > + > > + return (addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP)) || > > + (addr >= __fix_to_virt(FIX_KMAP_END) && > > + addr < __fix_to_virt(FIX_KMAP_BEGIN)); > > Isn't the second check inverted? > The enum map runs from top down. So I believe this is correct. I tested it with a different series and it worked. Ira
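A user-space model of the top-down ordering discussed in the last two replies, added here as an illustration and not taken from the thread or the kernel tree. `fix_to_virt()` models the generic `__fix_to_virt()` arithmetic; `FIXADDR_TOP`, the enum layout and the slot count are constructed values, and `patch_range`, `swapped_range` and `slots_accepted` are hypothetical helper names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed constants for a user-space model, not a real architecture's layout. */
#define PAGE_SHIFT  12
#define FIXADDR_TOP 0xfffff000UL

/* Hypothetical fixmap enum: the kmap_local slots sit at indices 4..11. */
enum { FIX_HOLE, FIX_A, FIX_B, FIX_C, FIX_KMAP_BEGIN,
       FIX_KMAP_END = FIX_KMAP_BEGIN + 7 };

/* Models the generic __fix_to_virt(): a higher index gives a lower address. */
static unsigned long fix_to_virt(int idx)
{
	return FIXADDR_TOP - ((unsigned long)idx << PAGE_SHIFT);
}

/* The fixmap half of the patched check, evaluated on the model. */
static bool patch_range(unsigned long addr)
{
	return addr >= fix_to_virt(FIX_KMAP_END) &&
	       addr < fix_to_virt(FIX_KMAP_BEGIN);
}

/* The same bounds swapped, as a reader expecting BEGIN < END would write them. */
static bool swapped_range(unsigned long addr)
{
	return addr >= fix_to_virt(FIX_KMAP_BEGIN) &&
	       addr < fix_to_virt(FIX_KMAP_END);
}

/* Counts how many slot base addresses BEGIN..END a given check accepts. */
static int slots_accepted(bool (*check)(unsigned long))
{
	int n = 0;
	for (int i = FIX_KMAP_BEGIN; i <= FIX_KMAP_END; i++)
		n += check(fix_to_virt(i));
	return n;
}

int main(void)
{
	printf("END   -> %#lx\nBEGIN -> %#lx\n",
	       fix_to_virt(FIX_KMAP_END), fix_to_virt(FIX_KMAP_BEGIN));
	printf("patch order accepts %d of 8 slot bases, swapped accepts %d\n",
	       slots_accepted(patch_range), slots_accepted(swapped_range));
	return 0;
}
```

In this model the swapped order describes an empty range, while the patch's order accepts every slot base except the one at `FIX_KMAP_BEGIN`.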