Kernel: apply x86 copy overflow check to ARM

Apply the x86 overflow check from git-d09f72c to ARM code as well. Not just stack traces, but also system services can trigger this case, possibly as a result of being handed bad pointers by userland, ending in a kernel panic. Change-Id: Ib817e8b682fafec8edb486a094319ad11eda7081
2015-12-29 15:58:24 +00:00 · 2015-12-29 15:58:24 +00:00 · 59f1f7ecdd
commit 59f1f7ecdd
parent f12160c14d
1 changed files with 6 additions and 2 deletions
--- a/minix/kernel/arch/earm/memory.c
+++ b/minix/kernel/arch/earm/memory.c
@ -193,9 +193,13 @@ static int lin_lin_copy(struct proc *srcproc, vir_bytes srclinaddr,
 		/* Set up 1MB ranges. */
 		srcptr = createpde(srcproc, srclinaddr, &chunk, 0, &changed);
 		dstptr = createpde(dstproc, dstlinaddr, &chunk, 1, &changed);
-		if(changed) {
+		if(changed)
 			reload_ttbr0();
-		}
+
+		/* Check for overflow. */
+		if (srcptr + chunk < srcptr) return EFAULT_SRC;
+		if (dstptr + chunk < dstptr) return EFAULT_DST;
+
 		/* Copy pages. */
 		PHYS_COPY_CATCH(srcptr, dstptr, chunk, addr);