korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-21 01:54:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
8a8b56638b
linux/arch
History
James Hogan 8a8b56638b metag/uaccess: Fix access_ok() 
The __user_bad() macro used by access_ok() has a few corner cases
noticed by Al Viro where it doesn't behave correctly:

 - The kernel range check has off by 1 errors which permit access to the
   first and last byte of the kernel mapped range.

 - The kernel range check ends at LINCORE_BASE rather than
   META_MEMORY_LIMIT, which is ineffective when the kernel is in global
   space (an extremely uncommon configuration).

There are a couple of other shortcomings here too:

 - Access to the whole of the other address space is permitted (i.e. the
   global half of the address space when the kernel is in local space).
   This isn't ideal as it could theoretically still contain privileged
   mappings set up by the bootloader.

 - The size argument is unused, permitting user copies which start on
   valid pages at the end of the user address range and cross the
   boundary into the kernel address space (e.g. addr = 0x3ffffff0, size
   > 0x10).

It isn't very convenient to add size checks when disallowing certain
regions, and it seems far safer to be sure and explicit about what
userland is able to access, so invert the logic to allow certain regions
instead, and fix the off by 1 errors and missing size checks. This also
allows the get_fs() == KERNEL_DS check to be more easily optimised into
the user address range case.

We now have 3 such allowed regions:

 - The user address range (incorporating the get_fs() == KERNEL_DS
   check).

 - NULL (some kernel code expects this to work, and we'll always catch
   the fault anyway).

 - The core code memory region.

Fixes: 373cd784d0 ("metag: Memory handling")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2017-05-02 19:03:40 +01:00
..
alpha sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
arc sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
arm Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-03-04 10:42:53 -08:00
arm64 ARM: SoC: late DT updates for v4.11 2017-03-03 16:15:48 -08:00
avr32 sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
blackfin sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
c6x sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
cris sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
frv sched/headers: Prepare to move 'init_task' and 'init_thread_union' from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:38 +01:00
h8300 sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
hexagon sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
ia64 sched/core: Remove unused prefetch_stack() 2017-03-03 01:45:38 +01:00
m32r sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
m68k sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
metag metag/uaccess: Fix access_ok() 2017-05-02 19:03:40 +01:00
microblaze sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
mips sched/headers: Remove the <linux/topology.h> include from <linux/sched.h> 2017-03-03 01:45:41 +01:00
mn10300 sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
nios2 sched/headers: Prepare to move 'init_task' and 'init_thread_union' from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:38 +01:00
openrisc sched/headers: Prepare to move kstack_end() from <linux/sched.h> to <linux/sched/task_stack.h> 2017-03-02 08:42:39 +01:00
parisc Merge branch 'parisc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2017-03-03 16:20:06 -08:00
powerpc Second batch of KVM changes for 4.11 merge window 2017-03-04 11:36:19 -08:00
s390 sched/headers: Move task statistics APIs from <linux/sched.h> to <linux/sched/stat.h> 2017-03-03 01:43:43 +01:00
score sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
sh sched/headers: Remove <asm/ptrace.h> from <linux/sched.h> 2017-03-03 01:45:33 +01:00
sparc sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
tile sched/headers: Move task->mm handling methods to <linux/sched/mm.h> 2017-03-03 01:43:28 +01:00
um sched/headers: Prepare to move kstack_end() from <linux/sched.h> to <linux/sched/task_stack.h> 2017-03-02 08:42:39 +01:00
unicore32 sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
x86 Second batch of KVM changes for 4.11 merge window 2017-03-04 11:36:19 -08:00
xtensa Xtensa improvements for v4.11: 2017-03-03 16:17:55 -08:00
.gitignore
Kconfig scripts/spelling.txt: add "an user" pattern and fix typo instances 2017-02-27 18:43:46 -08:00