[git pull] uaccess fixes

[git pull] uaccess fixes

[Al Viro]

	Fixes for broken uaccess primitives - mostly lack of proper zeroing
in copy_from_user()/get_user()/__get_user(), but for several architectures
there's more (broken clear_user() on frv and strncpy_from_user() on hexagon).
All of that is rc2-based stable fodder; usercopy stuff that went into mainline
since then has added 3 conflicts - in parisc, ppc and itanic uaccess.h.
Conflicts are trivial; I've pushed my variant of conflict resolution into
#proposed-merge.

The following changes since commit 694d0d0bb2030d2e36df73e2d23d5770511dbc8d:

  Linux 4.8-rc2 (2016-08-14 19:11:36 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git uaccess-fixes

for you to fetch changes up to 8630c32275bac2de6ffb8aea9d9b11663e7ad28e:

  avr32: fix copy_from_user() (2016-09-13 17:50:18 -0400)

----------------------------------------------------------------
Al Viro (27):
      alpha: fix copy_from_user()
      asm-generic: make copy_from_user() zero the destination properly
      asm-generic: make get_user() clear the destination on errors
      cris: buggered copy_from_user/copy_to_user/clear_user
      frv: fix clear_user()
      hexagon: fix strncpy_from_user() error return
      ia64: copy_from_user() should zero the destination on access_ok() failure
      metag: copy_from_user() should zero the destination on access_ok() failure
      mips: copy_from_user() must zero the destination on access_ok() failure
      mn10300: failing __get_user() and get_user() should zero
      mn10300: copy_from_user() should zero on access_ok() failure...
      nios2: copy_from_user() should zero the tail of destination
      nios2: fix __get_user()
      openrisc: fix copy_from_user()
      parisc: fix copy_from_user()
      ppc32: fix copy_from_user()
      s390: get_user() should zero on failure
      score: fix __get_user/get_user
      score: fix copy_from_user() and friends
      sh64: failing __get_user() should zero
      sh: fix copy_from_user()
      sparc32: fix copy_from_user()
      blackfin: fix copy_from_user()
      m32r: fix __get_user()
      microblaze: fix copy_from_user()
      microblaze: fix __get_user()
      avr32: fix copy_from_user()

Vineet Gupta (1):
      ARC: uaccess: get_user to zero out dest in cause of fault

 arch/alpha/include/asm/uaccess.h      | 19 ++++------
 arch/arc/include/asm/uaccess.h        | 11 +++++-
 arch/avr32/include/asm/uaccess.h      | 11 +++++-
 arch/avr32/kernel/avr32_ksyms.c       |  2 +-
 arch/avr32/lib/copy_user.S            |  4 +-
 arch/blackfin/include/asm/uaccess.h   |  9 +++--
 arch/cris/include/asm/uaccess.h       | 71 ++++++++++++++++-------------------
 arch/frv/include/asm/uaccess.h        | 12 ++++--
 arch/hexagon/include/asm/uaccess.h    |  3 +-
 arch/ia64/include/asm/uaccess.h       | 25 ++++++------
 arch/m32r/include/asm/uaccess.h       |  2 +-
 arch/metag/include/asm/uaccess.h      |  3 +-
 arch/microblaze/include/asm/uaccess.h | 11 ++++--
 arch/mips/include/asm/uaccess.h       |  3 ++
 arch/mn10300/include/asm/uaccess.h    |  1 +
 arch/mn10300/lib/usercopy.c           |  4 +-
 arch/nios2/include/asm/uaccess.h      | 13 ++++---
 arch/openrisc/include/asm/uaccess.h   | 35 ++++++-----------
 arch/parisc/include/asm/uaccess.h     |  6 ++-
 arch/powerpc/include/asm/uaccess.h    | 25 +-----------
 arch/s390/include/asm/uaccess.h       |  8 ++--
 arch/score/include/asm/uaccess.h      | 46 ++++++++++++-----------
 arch/sh/include/asm/uaccess.h         |  5 ++-
 arch/sh/include/asm/uaccess_64.h      |  1 +
 arch/sparc/include/asm/uaccess_32.h   |  4 +-
 include/asm-generic/uaccess.h         | 20 ++++++----
 26 files changed, 180 insertions(+), 174 deletions(-)

Re: [git pull] uaccess fixes

[Linus Torvalds]

On Wed, Sep 14, 2016 at 8:47 AM, Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> Conflicts are trivial; I've pushed my variant of conflict resolution into
> #proposed-merge.

Hmm. They may be trivial, but we disagreed about how to resolve the ia64 case.

I think I did a better job, obviously ;)

But if it turns out I screwed up, holler.

           Linus

Re: [git pull] uaccess fixes

[Al Viro]

On Wed, Sep 14, 2016 at 04:47:47PM +0100, Al Viro wrote:
> 	Fixes for broken uaccess primitives - mostly lack of proper zeroing
> in copy_from_user()/get_user()/__get_user(), but for several architectures
> there's more (broken clear_user() on frv and strncpy_from_user() on hexagon).
> All of that is rc2-based stable fodder; usercopy stuff that went into mainline
> since then has added 3 conflicts - in parisc, ppc and itanic uaccess.h.
> Conflicts are trivial; I've pushed my variant of conflict resolution into
> #proposed-merge.

And a bit that has sat in a different branch since mid-August:

[x86] fix minor infoleak in get_user_ex()

get_user_ex(x, ptr) should zero x on failure.  It's not a lot of a leak
(at most we are leaking uninitialized 64bit value off the kernel stack,
and in a fairly constrained situation, at that), but the fix is trivial,
so...

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index a0ae610..7821921 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -433,7 +433,11 @@ do {									\
 #define __get_user_asm_ex(x, addr, itype, rtype, ltype)			\
 	asm volatile("1:	mov"itype" %1,%"rtype"0\n"		\
 		     "2:\n"						\
-		     _ASM_EXTABLE_EX(1b, 2b)				\
+		     ".section .fixup,\"ax\"\n"				\
+                     "3:xor"itype" %"rtype"0,%"rtype"0\n"		\
+		     "  jmp 2b\n"					\
+		     ".previous\n"					\
+		     _ASM_EXTABLE_EX(1b, 3b)				\
 		     : ltype(x) : "m" (__m(addr)))
 
 #define __put_user_nocheck(x, ptr, size)			\