stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH AUTOSEL 5.1 01/59] lkdtm/usercopy: Moves the KERNEL_DS test to non-canonical
@ 2019-06-14 20:27 Sasha Levin
  2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 02/59] ARC: fix build warnings Sasha Levin
                   ` (38 more replies)
  0 siblings, 39 replies; 45+ messages in thread
From: Sasha Levin @ 2019-06-14 20:27 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Kees Cook, Sasha Levin

From: Kees Cook <keescook@chromium.org>

[ Upstream commit 2bf8496f6e9b7e9a557f65eb95eab16fea7958c7 ]

The prior implementation of the KERNEL_DS fault checking would work on
any unmapped kernel address, but this was narrowed to the non-canonical
range instead. This adjusts the LKDTM test to match.

Fixes: 00c42373d397 ("x86-64: add warning for non-canonical user access address dereferences")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/lkdtm/usercopy.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/misc/lkdtm/usercopy.c b/drivers/misc/lkdtm/usercopy.c
index d5a0e7f1813b..e172719dd86d 100644
--- a/drivers/misc/lkdtm/usercopy.c
+++ b/drivers/misc/lkdtm/usercopy.c
@@ -324,14 +324,16 @@ void lkdtm_USERCOPY_KERNEL(void)
 
 void lkdtm_USERCOPY_KERNEL_DS(void)
 {
-	char __user *user_ptr = (char __user *)ERR_PTR(-EINVAL);
+	char __user *user_ptr =
+		(char __user *)(0xFUL << (sizeof(unsigned long) * 8 - 4));
 	mm_segment_t old_fs = get_fs();
 	char buf[10] = {0};
 
-	pr_info("attempting copy_to_user on unmapped kernel address\n");
+	pr_info("attempting copy_to_user() to noncanonical address: %px\n",
+		user_ptr);
 	set_fs(KERNEL_DS);
-	if (copy_to_user(user_ptr, buf, sizeof(buf)))
-		pr_info("copy_to_user un unmapped kernel address failed\n");
+	if (copy_to_user(user_ptr, buf, sizeof(buf)) == 0)
+		pr_err("copy_to_user() to noncanonical address succeeded!?\n");
 	set_fs(old_fs);
 }
 
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 45+ messages in thread

end of thread, other threads:[~2019-06-23 19:26 UTC | newest]

Thread overview: 45+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-14 20:27 [PATCH AUTOSEL 5.1 01/59] lkdtm/usercopy: Moves the KERNEL_DS test to non-canonical Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 02/59] ARC: fix build warnings Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 03/59] dmaengine: jz4780: Fix transfers being ACKed too soon Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 04/59] dmaengine: dw-axi-dmac: fix null dereference when pointer first is null Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 05/59] dmaengine: mediatek-cqdma: sleeping in atomic context Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 06/59] dmaengine: sprd: Fix the possible crash when getting descriptor status Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 07/59] dmaengine: sprd: Add validation of current descriptor in irq handler Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 08/59] dmaengine: sprd: Fix the incorrect start for 2-stage destination channels Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 09/59] dmaengine: sprd: Fix block length overflow Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 10/59] dmaengine: sprd: Fix the right place to configure 2-stage transfer Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 11/59] ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 12/59] ARC: [plat-hsdk]: Add missing FIFO size entry in " Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 13/59] MIPS: mark ginvt() as __always_inline Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 14/59] fpga: stratix10-soc: fix use-after-free on s10_init() Sasha Levin
2019-06-14 20:27 ` [PATCH AUTOSEL 5.1 15/59] fpga: dfl: afu: Pass the correct device to dma_mapping_error() Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 16/59] fpga: dfl: Add lockdep classes for pdata->lock Sasha Levin
2019-06-15  5:47   ` Greg Kroah-Hartman
2019-06-15 22:41     ` Sasha Levin
2019-06-16  7:09       ` Greg Kroah-Hartman
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 17/59] fpga: dfl: expand minor range when registering chrdev region Sasha Levin
2019-06-15  5:48   ` Greg Kroah-Hartman
2019-06-23 19:26     ` Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 18/59] parport: Fix mem leak in parport_register_dev_model Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 19/59] parisc: Fix compiler warnings in float emulation code Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 20/59] habanalabs: fix bug in checking huge page optimization Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 21/59] IB/rdmavt: Fix alloc_qpn() WARN_ON() Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 22/59] IB/hfi1: Insure freeze_work work_struct is canceled on shutdown Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 23/59] IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 24/59] IB/hfi1: Validate page aligned for a given virtual address Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 25/59] MIPS: uprobes: remove set but not used variable 'epc' Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 26/59] crypto: hmac - fix memory leak in hmac_init_tfm() Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 27/59] xtensa: Fix section mismatch between memblock_reserve and mem_reserve Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 28/59] kselftest/cgroup: fix unexpected testing failure on test_memcontrol Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 29/59] kselftest/cgroup: fix unexpected testing failure on test_core Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 30/59] kselftest/cgroup: fix incorrect test_core skip Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 31/59] userfaultfd: selftest: fix compiler warning Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 32/59] selftests: vm: install test_vmalloc.sh for run_vmtests Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 33/59] nds32: Avoid IEX status being incorrectly modified Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 34/59] net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 35/59] net: hns: Fix loopback test failed at copper ports Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 36/59] mdesc: fix a missing-check bug in get_vdev_port_node_info() Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 37/59] sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 38/59] net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 39/59] net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled Sasha Levin
2019-06-14 20:28 ` [PATCH AUTOSEL 5.1 40/59] selftests: set sysctl bc_forwarding properly in router_broadcast.sh Sasha Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).