From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0887EC4167D for ; Fri, 25 Mar 2022 15:27:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376738AbiCYP16 (ORCPT ); Fri, 25 Mar 2022 11:27:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60432 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1378263AbiCYPZP (ORCPT ); Fri, 25 Mar 2022 11:25:15 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 410C6ECC44; Fri, 25 Mar 2022 08:20:11 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CECCA61451; Fri, 25 Mar 2022 15:20:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DB2D3C340E9; Fri, 25 Mar 2022 15:20:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1648221610; bh=2Y7SEJ45GUxU9Jc1FeEiiIgPS7sVZVqp/nNW4EwEPk4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LPJ6oNB8Y+tArCj0kT7KH3Fqfw8SpD2KCiGXFjyqNsehnV3f1P6+5P75opywYm2Wi Kw5eH06SoyJtvttv1/KeTvLU7TNXzXKVNI+hS7AYisXiS7uN2A9O6YhVxob6BAnbez Ows6j88lYeaX58L3Chosnu1QKLjA3K0YktHxjVIA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Christoph Hellwig , Arnd Bergmann Subject: [PATCH 5.17 38/39] m68k: fix access_ok for coldfire Date: Fri, 25 Mar 2022 16:14:53 +0100 Message-Id: <20220325150421.333278681@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220325150420.245733653@linuxfoundation.org> References: <20220325150420.245733653@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Arnd Bergmann commit 26509034bef198525d5936c116cbd0c3fa491c0b upstream. While most m68k platforms use separate address spaces for user and kernel space, at least coldfire does not, and the other ones have a TASK_SIZE that is less than the entire 4GB address range. Using the default implementation of __access_ok() stops coldfire user space from trivially accessing kernel memory. Reviewed-by: Christoph Hellwig Cc: stable@vger.kernel.org Signed-off-by: Arnd Bergmann Signed-off-by: Greg Kroah-Hartman --- arch/m68k/include/asm/uaccess.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) --- a/arch/m68k/include/asm/uaccess.h +++ b/arch/m68k/include/asm/uaccess.h @@ -12,14 +12,17 @@ #include /* We let the MMU do all checking */ -static inline int access_ok(const void __user *addr, +static inline int access_ok(const void __user *ptr, unsigned long size) { - /* - * XXX: for !CONFIG_CPU_HAS_ADDRESS_SPACES this really needs to check - * for TASK_SIZE! - */ - return 1; + unsigned long limit = TASK_SIZE; + unsigned long addr = (unsigned long)ptr; + + if (IS_ENABLED(CONFIG_CPU_HAS_ADDRESS_SPACES) || + !IS_ENABLED(CONFIG_MMU)) + return 1; + + return (size <= limit) && (addr <= (limit - size)); } /*