From: Grazvydas Ignotas <notasas@gmail.com>
Date: Sun, 8 Feb 2015 02:05:06 +0000 (+0200)
Subject: mm: actually remap enough memory
X-Git-Tag: sz_173~65
X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?p=pandora-kernel.git;a=commitdiff_plain;h=935299e1f769a91948a9f66be654024d6b1f204d;ds=sidebyside

mm: actually remap enough memory

For whatever reason, generic_access_phys() only remaps one page, but
actually allows to access arbitrary size. It's quite easy to trigger
large reads, like printing out large structure with gdb, which leads to
a crash. Fix it by remapping correct size.

Fixes: 28b2ee20c7cb ("access_process_vm device memory infrastructure")
Cc: stable@vger.kernel.org
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
---

diff --git a/mm/memory.c b/mm/memory.c
index b9a95f103d49..79c71de0da3c 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3836,7 +3836,7 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
 	if (follow_phys(vma, addr, write, &prot, &phys_addr))
 		return -EINVAL;
 
-	maddr = ioremap_prot(phys_addr, PAGE_SIZE, prot);
+	maddr = ioremap_prot(phys_addr, PAGE_ALIGN(len + offset), prot);
 	if (write)
 		memcpy_toio(maddr + offset, buf, len);
 	else