From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:38536 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1030730AbdEWOqk (ORCPT ); Tue, 23 May 2017 10:46:40 -0400 Subject: Patch "arm64: uaccess: ensure extension of access_ok() addr" has been added to the 4.11-stable tree To: mark.rutland@arm.com, catalin.marinas@arm.com, gregkh@linuxfoundation.org, will.deacon@arm.com Cc: , From: Date: Tue, 23 May 2017 16:45:42 +0200 Message-ID: <14955507426429@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled arm64: uaccess: ensure extension of access_ok() addr to the 4.11-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: arm64-uaccess-ensure-extension-of-access_ok-addr.patch and it can be found in the queue-4.11 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From a06040d7a791a9177581dcf7293941bd92400856 Mon Sep 17 00:00:00 2001 From: Mark Rutland Date: Wed, 3 May 2017 16:09:35 +0100 Subject: arm64: uaccess: ensure extension of access_ok() addr From: Mark Rutland commit a06040d7a791a9177581dcf7293941bd92400856 upstream. Our access_ok() simply hands its arguments over to __range_ok(), which implicitly assummes that the addr parameter is 64 bits wide. This isn't necessarily true for compat code, which might pass down a 32-bit address parameter. In these cases, we don't have a guarantee that the address has been zero extended to 64 bits, and the upper bits of the register may contain unknown values, potentially resulting in a suprious failure. Avoid this by explicitly casting the addr parameter to an unsigned long (as is done on other architectures), ensuring that the parameter is widened appropriately. Fixes: 0aea86a2176c ("arm64: User access library functions") Acked-by: Will Deacon Signed-off-by: Mark Rutland Signed-off-by: Catalin Marinas Signed-off-by: Greg Kroah-Hartman --- arch/arm64/include/asm/uaccess.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -95,11 +95,12 @@ static inline void set_fs(mm_segment_t f */ #define __range_ok(addr, size) \ ({ \ + unsigned long __addr = (unsigned long __force)(addr); \ unsigned long flag, roksum; \ __chk_user_ptr(addr); \ asm("adds %1, %1, %3; ccmp %1, %4, #2, cc; cset %0, ls" \ : "=&r" (flag), "=&r" (roksum) \ - : "1" (addr), "Ir" (size), \ + : "1" (__addr), "Ir" (size), \ "r" (current_thread_info()->addr_limit) \ : "cc"); \ flag; \ Patches currently in stable-queue which might be from mark.rutland@arm.com are queue-4.11/arm64-armv8_deprecated-ensure-extension-of-addr.patch queue-4.11/arm64-uaccess-ensure-extension-of-access_ok-addr.patch queue-4.11/arm64-hw_breakpoint-fix-watchpoint-matching-for-tagged-pointers.patch queue-4.11/arm64-xchg-hazard-against-entire-exchange-variable.patch queue-4.11/arm64-ensure-extension-of-smp_store_release-value.patch