* [git pull] uaccess fixes
@ 2016-09-14 15:47 Al Viro
2016-09-14 16:42 ` Linus Torvalds
2016-09-15 1:35 ` Al Viro
0 siblings, 2 replies; 3+ messages in thread
From: Al Viro @ 2016-09-14 15:47 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-kernel
Fixes for broken uaccess primitives - mostly lack of proper zeroing
in copy_from_user()/get_user()/__get_user(), but for several architectures
there's more (broken clear_user() on frv and strncpy_from_user() on hexagon).
All of that is rc2-based stable fodder; usercopy stuff that went into mainline
since then has added 3 conflicts - in parisc, ppc and itanic uaccess.h.
Conflicts are trivial; I've pushed my variant of conflict resolution into
#proposed-merge.
The following changes since commit 694d0d0bb2030d2e36df73e2d23d5770511dbc8d:
Linux 4.8-rc2 (2016-08-14 19:11:36 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git uaccess-fixes
for you to fetch changes up to 8630c32275bac2de6ffb8aea9d9b11663e7ad28e:
avr32: fix copy_from_user() (2016-09-13 17:50:18 -0400)
----------------------------------------------------------------
Al Viro (27):
alpha: fix copy_from_user()
asm-generic: make copy_from_user() zero the destination properly
asm-generic: make get_user() clear the destination on errors
cris: buggered copy_from_user/copy_to_user/clear_user
frv: fix clear_user()
hexagon: fix strncpy_from_user() error return
ia64: copy_from_user() should zero the destination on access_ok() failure
metag: copy_from_user() should zero the destination on access_ok() failure
mips: copy_from_user() must zero the destination on access_ok() failure
mn10300: failing __get_user() and get_user() should zero
mn10300: copy_from_user() should zero on access_ok() failure...
nios2: copy_from_user() should zero the tail of destination
nios2: fix __get_user()
openrisc: fix copy_from_user()
parisc: fix copy_from_user()
ppc32: fix copy_from_user()
s390: get_user() should zero on failure
score: fix __get_user/get_user
score: fix copy_from_user() and friends
sh64: failing __get_user() should zero
sh: fix copy_from_user()
sparc32: fix copy_from_user()
blackfin: fix copy_from_user()
m32r: fix __get_user()
microblaze: fix copy_from_user()
microblaze: fix __get_user()
avr32: fix copy_from_user()
Vineet Gupta (1):
ARC: uaccess: get_user to zero out dest in cause of fault
arch/alpha/include/asm/uaccess.h | 19 ++++------
arch/arc/include/asm/uaccess.h | 11 +++++-
arch/avr32/include/asm/uaccess.h | 11 +++++-
arch/avr32/kernel/avr32_ksyms.c | 2 +-
arch/avr32/lib/copy_user.S | 4 +-
arch/blackfin/include/asm/uaccess.h | 9 +++--
arch/cris/include/asm/uaccess.h | 71 ++++++++++++++++-------------------
arch/frv/include/asm/uaccess.h | 12 ++++--
arch/hexagon/include/asm/uaccess.h | 3 +-
arch/ia64/include/asm/uaccess.h | 25 ++++++------
arch/m32r/include/asm/uaccess.h | 2 +-
arch/metag/include/asm/uaccess.h | 3 +-
arch/microblaze/include/asm/uaccess.h | 11 ++++--
arch/mips/include/asm/uaccess.h | 3 ++
arch/mn10300/include/asm/uaccess.h | 1 +
arch/mn10300/lib/usercopy.c | 4 +-
arch/nios2/include/asm/uaccess.h | 13 ++++---
arch/openrisc/include/asm/uaccess.h | 35 ++++++-----------
arch/parisc/include/asm/uaccess.h | 6 ++-
arch/powerpc/include/asm/uaccess.h | 25 +-----------
arch/s390/include/asm/uaccess.h | 8 ++--
arch/score/include/asm/uaccess.h | 46 ++++++++++++-----------
arch/sh/include/asm/uaccess.h | 5 ++-
arch/sh/include/asm/uaccess_64.h | 1 +
arch/sparc/include/asm/uaccess_32.h | 4 +-
include/asm-generic/uaccess.h | 20 ++++++----
26 files changed, 180 insertions(+), 174 deletions(-)
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [git pull] uaccess fixes
2016-09-14 15:47 [git pull] uaccess fixes Al Viro
@ 2016-09-14 16:42 ` Linus Torvalds
2016-09-15 1:35 ` Al Viro
1 sibling, 0 replies; 3+ messages in thread
From: Linus Torvalds @ 2016-09-14 16:42 UTC (permalink / raw)
To: Al Viro; +Cc: Linux Kernel Mailing List
On Wed, Sep 14, 2016 at 8:47 AM, Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> Conflicts are trivial; I've pushed my variant of conflict resolution into
> #proposed-merge.
Hmm. They may be trivial, but we disagreed about how to resolve the ia64 case.
I think I did a better job, obviously ;)
But if it turns out I screwed up, holler.
Linus
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [git pull] uaccess fixes
2016-09-14 15:47 [git pull] uaccess fixes Al Viro
2016-09-14 16:42 ` Linus Torvalds
@ 2016-09-15 1:35 ` Al Viro
1 sibling, 0 replies; 3+ messages in thread
From: Al Viro @ 2016-09-15 1:35 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-kernel
On Wed, Sep 14, 2016 at 04:47:47PM +0100, Al Viro wrote:
> Fixes for broken uaccess primitives - mostly lack of proper zeroing
> in copy_from_user()/get_user()/__get_user(), but for several architectures
> there's more (broken clear_user() on frv and strncpy_from_user() on hexagon).
> All of that is rc2-based stable fodder; usercopy stuff that went into mainline
> since then has added 3 conflicts - in parisc, ppc and itanic uaccess.h.
> Conflicts are trivial; I've pushed my variant of conflict resolution into
> #proposed-merge.
And a bit that has sat in a different branch since mid-August:
[x86] fix minor infoleak in get_user_ex()
get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
(at most we are leaking uninitialized 64bit value off the kernel stack,
and in a fairly constrained situation, at that), but the fix is trivial,
so...
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index a0ae610..7821921 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -433,7 +433,11 @@ do { \
#define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
asm volatile("1: mov"itype" %1,%"rtype"0\n" \
"2:\n" \
- _ASM_EXTABLE_EX(1b, 2b) \
+ ".section .fixup,\"ax\"\n" \
+ "3:xor"itype" %"rtype"0,%"rtype"0\n" \
+ " jmp 2b\n" \
+ ".previous\n" \
+ _ASM_EXTABLE_EX(1b, 3b) \
: ltype(x) : "m" (__m(addr)))
#define __put_user_nocheck(x, ptr, size) \
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-09-15 1:35 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-14 15:47 [git pull] uaccess fixes Al Viro
2016-09-14 16:42 ` Linus Torvalds
2016-09-15 1:35 ` Al Viro
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.