From: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
To: Paul Burton <paul.burton@mips.com>,
"linux-mips@vger.kernel.org" <linux-mips@vger.kernel.org>
Cc: Paul Burton <pburton@wavecomp.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] MIPS: Fix access_ok() for the last byte of user space
Date: Sun, 14 Apr 2019 22:16:11 +0200 [thread overview]
Message-ID: <63900602-56d5-72b7-fdcb-4558d1007401@amsat.org> (raw)
In-Reply-To: <20190209194718.1294-1-paul.burton@mips.com>
On 2/9/19 8:47 PM, Paul Burton wrote:
> The MIPS implementation of access_ok() incorrectly reports that access
> to the final byte of user memory is not OK, much as the alpha & SH
> versions did prior to commit 94bd8a05cd4d ("Fix 'acccess_ok()' on alpha
> and SH").
>
> For example on a MIPS64 system with __UA_LIMIT == 0xffff000000000000 we
> incorrectly fail in the following cases:
>
> access_ok(0xffffffffffff, 0x1) = 0
> access_ok(0xfffffffffffe, 0x2) = 0
>
> Fix MIPS in the same way as alpha & SH, by subtracting one from the addr
> + size condition when size is non-zero. With this the access_ok() calls
> above return 1 indicating that the access may be valid.
>
> The cost of the improved check is pretty minimal - we gain 2410 bytes,
> or 0.03%, in kernel code size for a 64r6el_defconfig kernel built using
> GCC 8.1.0.
>
> Signed-off-by: Paul Burton <paul.burton@mips.com>
> Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
> ---
>
> arch/mips/include/asm/uaccess.h | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
> index d43c1dc6ef15..774c0f955ab0 100644
> --- a/arch/mips/include/asm/uaccess.h
> +++ b/arch/mips/include/asm/uaccess.h
> @@ -128,7 +128,9 @@ static inline bool eva_kernel_access(void)
> static inline int __access_ok(const void __user *p, unsigned long size)
> {
> unsigned long addr = (unsigned long)p;
> - return (get_fs().seg & (addr | (addr + size) | __ua_size(size))) == 0;
> + unsigned long end = addr + size - !!size;
> +
> + return (get_fs().seg & (addr | end | __ua_size(size))) == 0;
> }
>
> #define access_ok(addr, size) \
>
>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
prev parent reply other threads:[~2019-04-14 20:16 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-09 19:47 [PATCH] MIPS: Fix access_ok() for the last byte of user space Paul Burton
2019-02-09 20:06 ` Linus Torvalds
2019-04-14 20:16 ` Philippe Mathieu-Daudé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=63900602-56d5-72b7-fdcb-4558d1007401@amsat.org \
--to=f4bug@amsat.org \
--cc=linux-mips@vger.kernel.org \
--cc=paul.burton@mips.com \
--cc=pburton@wavecomp.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).