[3.8.y.z extended stable] Patch "uio: fix vma io range check in mmap" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Mon Jul 21 21:21:34 UTC 2014 

This is a note to let you know that I have just added a patch titled

    uio: fix vma io range check in mmap

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.27.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 6cb66138a092269b905e91891141d236a0398811 Mon Sep 17 00:00:00 2001
From: Bin Wang <binw at marvell.com>
Date: Tue, 25 Mar 2014 13:52:06 +0800
Subject: uio: fix vma io range check in mmap

commit ddb09754e6c7239e302c7b675df9bbd415f8de5d upstream.

the vma range size is always page size aligned in mmap, while the
real io space range may not be page aligned, thus leading to range
check failure in the uio_mmap_physical().

for example, in a case of io range size "mem->size == 1KB", and we
have (vma->vm_end - vma->vm_start) == 4KB, due to "len" is aligned
to page size in do_mmap_pgoff().

now fix this issue by align mem->size to page size in the check.

Signed-off-by: Bin Wang <binw at marvell.com>
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj at renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 drivers/uio/uio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
index 9981b9b..354c095 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -657,7 +657,7 @@ static int uio_mmap_physical(struct vm_area_struct *vma)

 	if (mem->addr & ~PAGE_MASK)
 		return -ENODEV;
-	if (vma->vm_end - vma->vm_start > mem->size)
+	if (vma->vm_end - vma->vm_start > PAGE_ALIGN(mem->size))
 		return -EINVAL;

 	vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
--
1.9.1

More information about the kernel-team mailing list