]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit - lib/strnlen_user.c
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 838a860) | patch
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
authorChristophe Leroy <christophe.leroy@c-s.fr>
Thu, 23 Jan 2020 08:34:18 +0000 (08:34 +0000)
committerLinus Torvalds <torvalds@linux-foundation.org>
Fri, 24 Jan 2020 17:27:34 +0000 (09:27 -0800)
commitab10ae1c3bef56c29bac61e1201c752221b87b41
tree20ae31e0a7fcbbbe516fbba8aeacf43c0ea37205tree | snapshot
parent838a860a390547dc6f8bc9d0a77d4ebad1dc8ff1commit | diff
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()

The range passed to user_access_begin() by strncpy_from_user() and
strnlen_user() starts at 'src' and goes up to the limit of userspace
although reads will be limited by the 'count' param.

On 32 bits powerpc (book3s/32) access has to be granted for each
256Mbytes segment and the cost increases with the number of segments to
unlock.

Limit the range with 'count' param.

Fixes: 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lib/strncpy_from_user.c diff | blob | blame | history
lib/strnlen_user.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git