From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Mark Rutland <mark.rutland@arm.com>,
Florian Fainelli <f.fainelli@gmail.com>,
Tony Lindgren <tony@atomide.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Andrey Ryabinin <a.ryabinin@samsung.com>,
Russell King <rmk+kernel@armlinux.org.uk>,
Marc Zyngier <maz@kernel.org>,
Russell King <rmk+kernel@arm.linux.org.uk>,
Will Deacon <will@kernel.org>, Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH for-stable-v4.4 01/53] ARM: 8051/1: put_user: fix possible data corruption in put_user
Date: Tue, 5 Nov 2019 21:57:54 +0100 [thread overview]
Message-ID: <20191105205846.1394-2-ardb@kernel.org> (raw)
In-Reply-To: <20191105205846.1394-1-ardb@kernel.org>
From: Andrey Ryabinin <a.ryabinin@samsung.com>
Commit 537094b64b229bf3ad146042f83e74cf6abe59df upstream.
According to arm procedure call standart r2 register is call-cloberred.
So after the result of x expression was put into r2 any following
function call in p may overwrite r2. To fix this, the result of p
expression must be saved to the temporary variable before the
assigment x expression to __r2.
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Reviewed-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm/include/asm/uaccess.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
index cd8b589111ba..35c9db857ebe 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -251,7 +251,7 @@ extern int __put_user_8(void *, unsigned long long);
({ \
unsigned long __limit = current_thread_info()->addr_limit - 1; \
const typeof(*(p)) __user *__tmp_p = (p); \
- register typeof(*(p)) __r2 asm("r2") = (x); \
+ register const typeof(*(p)) __r2 asm("r2") = (x); \
register const typeof(*(p)) __user *__p asm("r0") = __tmp_p; \
register unsigned long __l asm("r1") = __limit; \
register int __e asm("r0"); \
--
2.17.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-11-05 20:59 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-05 20:57 [PATCH for-stable-v4.4 00/53] ARM: spectre v1/v2 mitigations Ard Biesheuvel
2019-11-05 20:57 ` Ard Biesheuvel [this message]
2019-11-05 20:57 ` [PATCH for-stable-v4.4 02/53] ARM: 8478/2: arm/arm64: add arm-smccc Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 03/53] ARM: 8479/2: add implementation for arm-smccc Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 04/53] ARM: 8480/2: arm64: " Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 05/53] ARM: 8481/2: drivers: psci: replace psci firmware calls Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 06/53] ARM: uaccess: remove put_user() code duplication Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 07/53] ARM: Move system register accessors to asm/cp15.h Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 08/53] arm: kernel: Add SMC structure parameter Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 09/53] firmware: qcom: scm: Fix interrupted SCM calls Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 10/53] ARM: smccc: Update HVC comment to describe new quirk parameter Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 11/53] arm/arm64: KVM: Advertise SMCCC v1.1 Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 12/53] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 13/53] firmware/psci: Expose PSCI conduit Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 14/53] firmware/psci: Expose SMCCC version through psci_ops Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 15/53] arm/arm64: smccc: Make function identifiers an unsigned quantity Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 16/53] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 17/53] arm/arm64: smccc: Add SMCCC-specific return codes Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 18/53] arm/arm64: smccc-1.1: Make return values unsigned long Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 19/53] arm/arm64: smccc-1.1: Handle function result as parameters Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 20/53] ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 21/53] ARM: bugs: prepare processor bug infrastructure Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 22/53] ARM: bugs: hook processor bug checking into SMP and suspend paths Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 23/53] ARM: bugs: add support for per-processor bug checking Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 24/53] ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 25/53] ARM: spectre-v2: harden branch predictor on context switches Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 26/53] ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 27/53] ARM: spectre-v2: harden user aborts in kernel space Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 28/53] ARM: spectre-v2: add firmware based hardening Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 29/53] ARM: spectre-v2: warn about incorrect context switching functions Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 30/53] ARM: spectre-v1: add speculation barrier (csdb) macros Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 31/53] ARM: spectre-v1: add array_index_mask_nospec() implementation Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 32/53] ARM: spectre-v1: fix syscall entry Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 33/53] ARM: signal: copy registers using __copy_from_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 34/53] ARM: vfp: use __copy_from_user() when restoring VFP state Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 35/53] ARM: oabi-compat: copy semops using __copy_from_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 36/53] ARM: use __inttype() in get_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 37/53] ARM: spectre-v1: use get_user() for __get_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 38/53] ARM: spectre-v1: mitigate user accesses Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 39/53] ARM: 8789/1: signal: copy registers using __copy_to_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 40/53] ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 41/53] ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 42/53] ARM: 8793/1: signal: replace __put_user_error with __put_user Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 43/53] ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 44/53] ARM: 8795/1: spectre-v1.1: use put_user() for __put_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 45/53] ARM: 8796/1: spectre-v1, v1.1: provide helpers for address sanitization Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 46/53] ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 47/53] ARM: make lookup_processor_type() non-__init Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 48/53] ARM: split out processor lookup Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 49/53] ARM: clean up per-processor check_bugs method call Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 50/53] ARM: add PROC_VTABLE and PROC_TABLE macros Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 51/53] ARM: spectre-v2: per-CPU vtables to work around big.Little systems Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 52/53] ARM: ensure that processor vtables is not lost after boot Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 53/53] ARM: fix the cockup in the previous patch Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191105205846.1394-2-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=a.ryabinin@samsung.com \
--cc=catalin.marinas@arm.com \
--cc=f.fainelli@gmail.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=rmk+kernel@arm.linux.org.uk \
--cc=rmk+kernel@armlinux.org.uk \
--cc=tony@atomide.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.