From: <gregkh@linuxfoundation.org>
To: viro@zeniv.linux.org.uk, gregkh@linuxfoundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "openrisc: fix copy_from_user()" has been added to the 4.7-stable tree
Date: Thu, 22 Sep 2016 17:43:26 +0200 [thread overview]
Message-ID: <1474559006177214@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
openrisc: fix copy_from_user()
to the 4.7-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
openrisc-fix-copy_from_user.patch
and it can be found in the queue-4.7 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From acb2505d0119033a80c85ac8d02dccae41271667 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat, 20 Aug 2016 17:05:21 -0400
Subject: openrisc: fix copy_from_user()
From: Al Viro <viro@zeniv.linux.org.uk>
commit acb2505d0119033a80c85ac8d02dccae41271667 upstream.
... that should zero on faults. Also remove the <censored> helpful
logics wrt range truncation copied from ppc32. Where it had ever
been needed only in case of copy_from_user() *and* had not been merged
into the mainline until a month after the need had disappeared.
A decade before openrisc went into mainline, I might add...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/openrisc/include/asm/uaccess.h | 33 ++++++++++-----------------------
1 file changed, 10 insertions(+), 23 deletions(-)
--- a/arch/openrisc/include/asm/uaccess.h
+++ b/arch/openrisc/include/asm/uaccess.h
@@ -273,28 +273,20 @@ __copy_tofrom_user(void *to, const void
static inline unsigned long
copy_from_user(void *to, const void *from, unsigned long n)
{
- unsigned long over;
+ unsigned long res = n;
- if (access_ok(VERIFY_READ, from, n))
- return __copy_tofrom_user(to, from, n);
- if ((unsigned long)from < TASK_SIZE) {
- over = (unsigned long)from + n - TASK_SIZE;
- return __copy_tofrom_user(to, from, n - over) + over;
- }
- return n;
+ if (likely(access_ok(VERIFY_READ, from, n)))
+ n = __copy_tofrom_user(to, from, n);
+ if (unlikely(res))
+ memset(to + (n - res), 0, res);
+ return res;
}
static inline unsigned long
copy_to_user(void *to, const void *from, unsigned long n)
{
- unsigned long over;
-
- if (access_ok(VERIFY_WRITE, to, n))
- return __copy_tofrom_user(to, from, n);
- if ((unsigned long)to < TASK_SIZE) {
- over = (unsigned long)to + n - TASK_SIZE;
- return __copy_tofrom_user(to, from, n - over) + over;
- }
+ if (likely(access_ok(VERIFY_WRITE, to, n)))
+ n = __copy_tofrom_user(to, from, n);
return n;
}
@@ -303,13 +295,8 @@ extern unsigned long __clear_user(void *
static inline __must_check unsigned long
clear_user(void *addr, unsigned long size)
{
-
- if (access_ok(VERIFY_WRITE, addr, size))
- return __clear_user(addr, size);
- if ((unsigned long)addr < TASK_SIZE) {
- unsigned long over = (unsigned long)addr + size - TASK_SIZE;
- return __clear_user(addr, size - over) + over;
- }
+ if (likely(access_ok(VERIFY_WRITE, addr, size)))
+ size = __clear_user(addr, size);
return size;
}
Patches currently in stable-queue which might be from viro@zeniv.linux.org.uk are
queue-4.7/nios2-copy_from_user-should-zero-the-tail-of-destination.patch
queue-4.7/m32r-fix-__get_user.patch
queue-4.7/microblaze-fix-copy_from_user.patch
queue-4.7/cris-buggered-copy_from_user-copy_to_user-clear_user.patch
queue-4.7/asm-generic-make-copy_from_user-zero-the-destination-properly.patch
queue-4.7/metag-copy_from_user-should-zero-the-destination-on-access_ok-failure.patch
queue-4.7/score-fix-__get_user-get_user.patch
queue-4.7/parisc-fix-copy_from_user.patch
queue-4.7/mips-copy_from_user-must-zero-the-destination-on-access_ok-failure.patch
queue-4.7/alpha-fix-copy_from_user.patch
queue-4.7/mn10300-failing-__get_user-and-get_user-should-zero.patch
queue-4.7/openrisc-fix-copy_from_user.patch
queue-4.7/avr32-fix-copy_from_user.patch
queue-4.7/score-fix-copy_from_user-and-friends.patch
queue-4.7/sh64-failing-__get_user-should-zero.patch
queue-4.7/arc-uaccess-get_user-to-zero-out-dest-in-cause-of-fault.patch
queue-4.7/hexagon-fix-strncpy_from_user-error-return.patch
queue-4.7/af_unix-split-u-readlock-into-two-iolock-and-bindlock.patch
queue-4.7/frv-fix-clear_user.patch
queue-4.7/fix-minor-infoleak-in-get_user_ex.patch
queue-4.7/asm-generic-make-get_user-clear-the-destination-on-errors.patch
queue-4.7/mn10300-copy_from_user-should-zero-on-access_ok-failure.patch
queue-4.7/s390-get_user-should-zero-on-failure.patch
queue-4.7/microblaze-fix-__get_user.patch
queue-4.7/blackfin-fix-copy_from_user.patch
queue-4.7/fix-iov_iter_fault_in_readable.patch
queue-4.7/nios2-fix-__get_user.patch
queue-4.7/sh-fix-copy_from_user.patch
reply other threads:[~2016-09-22 15:44 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1474559006177214@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).