github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
d19e48fe5d
linux/include
History
Al Viro 3f5d8326a8 fix fault_in_multipages_...() on architectures with no-op access_ok() 
commit e23d4159b1 upstream.

Switching iov_iter fault-in to multipages variants has exposed an old
bug in underlying fault_in_multipages_...(); they break if the range
passed to them wraps around.  Normally access_ok() done by callers will
prevent such (and it's a guaranteed EFAULT - ERR_PTR() values fall into
such a range and they should not point to any valid objects).

However, on architectures where userland and kernel live in different
MMU contexts (e.g. s390) access_ok() is a no-op and on those a range
with a wraparound can reach fault_in_multipages_...().

Since any wraparound means EFAULT there, the fix is trivial - turn
those

    while (uaddr <= end)
	    ...
into

    if (unlikely(uaddr > end))
	    return -EFAULT;
    do
	    ...
    while (uaddr <= end);

Reported-by: Jan Stancek <jstancek@redhat.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-30 10:18:37 +02:00
..
acpi Merge branch 'acpi-pci' 2015-11-07 01:30:10 +01:00
asm-generic asm-generic: make copy_from_user() zero the destination properly 2016-09-24 10:07:45 +02:00
clocksource
crypto crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path 2016-02-17 12:31:03 -08:00
drm drm/i915/skl: Add missing SKL ids 2016-09-15 08:27:44 +02:00
dt-bindings ARM: DT updates for v4.4 2015-11-10 15:06:26 -08:00
keys KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
kvm KVM: arm/arm64: arch_timer: Preserve physical dist. active state on LR.active 2015-11-24 18:07:40 +01:00
linux fix fault_in_multipages_...() on architectures with no-op access_ok() 2016-09-30 10:18:37 +02:00
math-emu
media videobuf2-core: Check user space planes array in dqbuf 2016-05-04 14:48:50 -07:00
memory
misc
net af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock' 2016-09-30 10:18:36 +02:00
pcmcia
ras
rdma IB/security: Restrict use of the write() interface 2016-05-04 14:48:48 -07:00
rxrpc
scsi scsi: Add intermediate STARGET_REMOVE state to scsi_target_state 2016-06-01 12:15:54 -07:00
soc ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
sound ALSA: rawmidi: Make snd_rawmidi_transmit() race-free 2016-02-17 12:30:58 -08:00
target target: Fix ordered task CHECK_CONDITION early exception handling 2016-08-20 18:09:26 +02:00
trace SUNRPC: Don't allocate a full sockaddr_storage for tracing 2016-08-20 18:09:26 +02:00
uapi cxlflash: Fix to avoid virtual LUN failover failure 2016-09-15 08:27:49 +02:00
video drm/imx: Match imx-ipuv3-crtc components using device node in platform data 2016-06-07 18:14:37 -07:00
xen xen: Fix page <-> pfn conversion on 32 bit systems 2016-05-11 11:21:14 +02:00
Kbuild