Commit 79cce5e8 authored Aug 30, 2024 by T.J. Mercier Committed by Greg Kroah-Hartman Oct 17, 2024

dma-buf: heaps: Fix off-by-one in CMA heap fault handler

commit ea5ff5d3 upstream.

Until VM_DONTEXPAND was added in commit 1c1914d6 ("dma-buf: heaps:
Don't track CMA dma-buf pages under RssFile") it was possible to obtain
a mapping larger than the buffer size via mremap and bypass the overflow
check in dma_buf_mmap_internal. When using such a mapping to attempt to
fault past the end of the buffer, the CMA heap fault handler also checks
the fault offset against the buffer size, but gets the boundary wrong by
1. Fix the boundary check so that we don't read off the end of the pages
array and insert an arbitrary page in the mapping.

Reported-by: Xingyu Jin <xingyuj@google.com>
Fixes: a5d2d29e ("dma-buf: heaps: Move heap-helper logic into the cma_heap implementation")
Cc: stable@vger.kernel.org # Applicable >= 5.10. Needs adjustments only for 5.10.
Signed-off-by: T.J. Mercier <tjmercier@google.com>
Acked-by: John Stultz <jstultz@google.com>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240830192627.2546033-1-tjmercier@google.com

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 16b3e7ad

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit cd227937
· Nov 05, 2025

mentioned in commit cd227937

mentioned in commit cd22793732eb11a20b1e2b05e9aa84fa02771da2

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit efda96a3
· Nov 05, 2025

mentioned in commit efda96a3

mentioned in commit efda96a3f9b9ad99333b27435c50a0ff9363d41c

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 8ccaede7
· Nov 05, 2025

mentioned in commit 8ccaede7

mentioned in commit 8ccaede74b66d523bf70436de9736037048f90d3

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 9b6fc2bc
· Nov 05, 2025

mentioned in commit 9b6fc2bc

mentioned in commit 9b6fc2bc30e3c52380af90f37a442795c6f1da4a

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 0ed5daa7
· Nov 05, 2025

mentioned in commit 0ed5daa7

mentioned in commit 0ed5daa75b3a0cc2573989aa859ac2641235e147

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 55fd072a
· Nov 05, 2025

mentioned in commit 55fd072a

mentioned in commit 55fd072ae46573d11da43912483a75a78c09bab0

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit b39bede9
· Nov 05, 2025

mentioned in commit b39bede9

mentioned in commit b39bede92e4cb36dd8f92baef0c2d4a9ef0f9586

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 93d7ac63
· Nov 05, 2025

mentioned in commit 93d7ac63

mentioned in commit 93d7ac633861fbb7f6b1116cbf6adc26634eaf5b

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 7e6427a0
· Nov 05, 2025

mentioned in commit 7e6427a0

mentioned in commit 7e6427a0513da62423d9b0ad57aea4e1dd4b7be9

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit ffb95009
· Nov 05, 2025

mentioned in commit ffb95009

mentioned in commit ffb95009cde2096f73506e90203d952e8b1bc790

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 8434c92b
· Nov 05, 2025

mentioned in commit 8434c92b

mentioned in commit 8434c92b0f8a75566709791e6cead0bfb989fec9

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 8a2060bf
· Nov 05, 2025

mentioned in commit 8a2060bf

mentioned in commit 8a2060bf3ba2ed8e93afad4d95aaeb9d9ea024cf

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 28959046
· Nov 05, 2025

mentioned in commit 28959046

mentioned in commit 289590462f97619028c28fb849742fcf8f36ecba

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 0bf42be7
· Nov 05, 2025

mentioned in commit 0bf42be7

mentioned in commit 0bf42be70e25cbcd75333d321b6f603f3562084e

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit d5b332d0
· Nov 05, 2025

mentioned in commit d5b332d0

mentioned in commit d5b332d03bf0a626275a738946bbebe4d6a11f13

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 1c775377
· Nov 05, 2025

mentioned in commit 1c775377

mentioned in commit 1c77537783783bb8d67e45142ffb1daed917c3f5

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 31a4a67b
· Nov 05, 2025

mentioned in commit 31a4a67b

mentioned in commit 31a4a67baf6d14804aa5c0360e13b726cf2d3548

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit c4cd0bca
· Nov 05, 2025

mentioned in commit c4cd0bca

mentioned in commit c4cd0bca48786457da403a31472570a2e2923ed8

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit f124355e
· Nov 05, 2025

mentioned in commit f124355e

mentioned in commit f124355ed51c75a93a79914a2d942a4540b0e4c4

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit b877b7c1
· Nov 05, 2025

mentioned in commit b877b7c1

mentioned in commit b877b7c1228a8a8f9f791443adbdc06d8972e3f2

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit fd48f580
· Nov 05, 2025

mentioned in commit fd48f580

mentioned in commit fd48f5803a4ea2315b12f2c0603f7742add7b099

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 001d613e
· Nov 05, 2025

mentioned in commit 001d613e

mentioned in commit 001d613e561e09a6c3f72634229f4784cc817cf4

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 3c0def32
· Nov 05, 2025

mentioned in commit 3c0def32

mentioned in commit 3c0def320dcc54eab093d4c6d99c98323621fe1b

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 48c8cec6
· Nov 05, 2025

mentioned in commit 48c8cec6

mentioned in commit 48c8cec6bfa8f23a662e34ce842e6f63a26d8574

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 534fb7b0
· Nov 05, 2025

mentioned in commit 534fb7b0

mentioned in commit 534fb7b038f43f9de49ca97fae4d7445e640a9da

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 5ab6ca61
· Nov 05, 2025

mentioned in commit 5ab6ca61

mentioned in commit 5ab6ca610cca0f101b59afc808d78dfe1bd973aa

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 35fae635
· Nov 05, 2025

mentioned in commit 35fae635

mentioned in commit 35fae63593135636e7f80a3570e0ee45e63b6b19

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 43283148
· Nov 05, 2025

mentioned in commit 43283148

mentioned in commit 4328314829026b80ecbb5aa9ff83402856147c77

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit fc735645
· Nov 05, 2025

mentioned in commit fc735645

mentioned in commit fc73564555eba618f6d2d3a8d1a8e8c17546ccd6

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit db208de4
· Nov 05, 2025

mentioned in commit db208de4

mentioned in commit db208de4aabf11b4e7f1607e04dc32a2fba75367

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 8962b1cc
· Nov 05, 2025

mentioned in commit 8962b1cc

mentioned in commit 8962b1cca05676f08df468596efe60b9ed76f0ea

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 5cca89bb
· Nov 05, 2025

mentioned in commit 5cca89bb

mentioned in commit 5cca89bba0f422e800fe67042b3473e11675a4af

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit bb26f73c
· Nov 05, 2025

mentioned in commit bb26f73c

mentioned in commit bb26f73ca1f60c9f1c6d3795a15376959f8126bc

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 45b55744
· Nov 05, 2025

mentioned in commit 45b55744

mentioned in commit 45b557443d28d14bc658dcc486fe0e000e1ff732

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit ecfdf980
· Nov 05, 2025

mentioned in commit ecfdf980

mentioned in commit ecfdf98024d96d1104fad75ca4b40de4e6f5aff4

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 27acbcf7
· Nov 05, 2025

mentioned in commit 27acbcf7

mentioned in commit 27acbcf70c2b641916ec17a0553c9e6f8446d606

Toggle commit list

Please to comment