oss-sec mailing list archives
Re: kernel: avoid pgoff overflow in remap_file_pages
From: Thomas Pollet <thomas.pollet () gmail com>
Date: Tue, 12 Oct 2010 11:27:42 +0200
fwiw, this check:

    if (pgoff + (size >> PAGE_SHIFT) >= (1UL << PTE_FILE_MAX_BITS))

is done to make sure the most significant bits are zero.
pgoff is later used to create a page table entry:

    set_pte_at(mm, addr, pte, pgoff_to_pte(pgoff));

The other bits of the pte_t are reserved for the page status bits.
The exact implementation is architecture dependent.

Regards,
Thomas

On 12 October 2010 09:19, Eugene Teo <eugene () redhat com> wrote:
> Thomas Pollet reported an integer overflow issue in remap_file_pages().
> While we are able to reproduce the issue, we are unable to find a
> security impact. If your views differ, do let us know.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=636383
> http://git.kernel.org/linus/5ec1055aa5632dd7a8283cdb5fa9be3c535eaa06
>
> Thanks, Eugene
> --
> main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
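Added example, not part of the original message or of the kernel source: a user-space model of the range check quoted above, next to one wrap-aware way of writing it. PAGE_SHIFT = 12 and PTE_FILE_MAX_BITS = 29 are assumed values (the real ones are architecture dependent), and the function names and sample inputs are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT        12  /* assumed: 4 KiB pages */
#define PTE_FILE_MAX_BITS 29  /* assumed: the real value is architecture dependent */

/* The check as quoted in the message. The unsigned addition can wrap
 * around, so a huge pgoff plus a small page count yields a small sum. */
static bool range_ok_quoted(unsigned long pgoff, unsigned long size)
{
    return !(pgoff + (size >> PAGE_SHIFT) >= (1UL << PTE_FILE_MAX_BITS));
}

/* Wrap-aware form: never add the untrusted values, compare the page
 * count against the room that is left below the limit instead. */
static bool range_ok_checked(unsigned long pgoff, unsigned long size)
{
    unsigned long pages = size >> PAGE_SHIFT;
    unsigned long limit = 1UL << PTE_FILE_MAX_BITS;

    if (pgoff >= limit)            /* high bits of pgoff already set */
        return false;
    return pages < limit - pgoff;  /* same as pgoff + pages < limit */
}

int main(void)
{
    /* Constructed sample inputs: {pgoff, size in bytes}. */
    const unsigned long cases[][2] = {
        { 16UL,                                8UL << PAGE_SHIFT }, /* ordinary  */
        { (1UL << PTE_FILE_MAX_BITS) - 8,      8UL << PAGE_SHIFT }, /* at limit  */
        { ULONG_MAX - 1,                       4UL << PAGE_SHIFT }, /* sum wraps */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        unsigned long pgoff = cases[i][0], size = cases[i][1];
        printf("pgoff=%#lx pages=%lu quoted=%s checked=%s\n",
               pgoff, size >> PAGE_SHIFT,
               range_ok_quoted(pgoff, size) ? "accept" : "reject",
               range_ok_checked(pgoff, size) ? "accept" : "reject");
    }
    return 0;
}
```

In the third case the quoted check accepts a pgoff whose most significant bits are set, which is exactly what it is meant to rule out before pgoff is encoded into the page table entry.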