android_kernel_oneplus_msm8998/arch
Mark Rutland 06dd8281a7 arm64: uaccess: ensure extension of access_ok() addr
commit a06040d7a791a9177581dcf7293941bd92400856 upstream.

Our access_ok() simply hands its arguments over to __range_ok(), which
implicitly assumes that the addr parameter is 64 bits wide. This isn't
necessarily true for compat code, which might pass down a 32-bit address
parameter.

In these cases, we don't have a guarantee that the address has been zero
extended to 64 bits, and the upper bits of the register may contain
unknown values, potentially resulting in a spurious failure.

Avoid this by explicitly casting the addr parameter to an unsigned long
(as is done on other architectures), ensuring that the parameter is
widened appropriately.

Fixes: 0aea86a217 ("arm64: User access library functions")
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:15 +02:00
..
alpha alpha: fix copy_from_user() 2016-09-24 10:07:45 +02:00
arc ARCv2: save r30 on kernel entry as gcc uses it for code-gen 2017-05-02 21:19:56 -07:00
arm ARM: dts: at91: sama5d3_xplained: not all ADC channels are available 2017-05-25 14:30:15 +02:00
arm64 arm64: uaccess: ensure extension of access_ok() addr 2017-05-25 14:30:15 +02:00
avr32 avr32: off by one in at32_init_pio() 2016-10-07 15:23:45 +02:00
blackfin net: smc91x: fix SMC accesses 2016-09-30 10:18:37 +02:00
c6x c6x/ptrace: Remove useless PTRACE_SETREGSET implementation 2017-03-31 09:49:53 +02:00
cris cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected 2017-01-12 11:22:48 +01:00
frv frv: fix clear_user() 2016-09-24 10:07:44 +02:00
h8300 h8300/ptrace: Fix incorrect register transfer count 2017-03-31 09:49:53 +02:00
hexagon hexagon: fix strncpy_from_user() error return 2016-09-24 10:07:44 +02:00
ia64 ia64: copy_from_user() should zero the destination on access_ok() failure 2016-09-24 10:07:46 +02:00
m32r m32r: fix __get_user() 2016-09-24 10:07:43 +02:00
m68k m68k: Fix ndelay() macro 2016-12-15 08:49:23 -08:00
metag metag/usercopy: Add missing fixups 2017-04-12 12:38:34 +02:00
microblaze microblaze: fix copy_from_user() 2016-09-24 10:07:43 +02:00
mips MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix 2017-05-14 13:32:57 +02:00
mn10300 mn10300: copy_from_user() should zero on access_ok() failure... 2016-09-24 10:07:45 +02:00
nios2 nios2: reserve boot memory for device tree 2017-04-12 12:38:34 +02:00
openrisc openrisc: fix the fix of copy_from_user() 2016-09-24 10:07:46 +02:00
parisc parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header 2017-02-01 08:30:53 +01:00
powerpc powerpc/64e: Fix hang when debugging programs with relocated kernel 2017-05-25 14:30:15 +02:00
s390 s390/cputime: fix incorrect system time 2017-05-25 14:30:09 +02:00
score score: fix copy_from_user() and friends 2016-09-24 10:07:44 +02:00
sh sh: fix copy_from_user() 2016-09-24 10:07:44 +02:00
sparc sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write() 2017-05-02 21:19:50 -07:00
tile tile/ptrace: Preserve previous registers for short regset write 2017-02-01 08:30:52 +01:00
um um: Don't discard .text.exit section 2016-09-07 08:32:38 +02:00
unicore32
x86 KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation 2017-05-25 14:30:09 +02:00
xtensa xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD 2017-03-15 09:57:14 +08:00
.gitignore
Kconfig