git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Arnd Bergmann <arnd@arndb.de>
	Thu, 10 Feb 2022 15:24:30 +0000 (16:24 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 28 Mar 2022 08:03:21 +0000 (10:03 +0200)
commit	a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8
tree	24afd8c7614b9e67f36a66f15ed0dd5c73de47d7	tree
parent	cfda62aaf813dd899d35c68abe64db1776ec8009	commit \| diff

uaccess: fix integer overflow on access_ok()

commit 222ca305c9fd39e5ed8104da25c09b2b79a516a8 upstream.

Three architectures check the end of a user access against the
address limit without taking a possible overflow into account.
Passing a negative length or another overflow in here returns
success when it should not.

Use the most common correct implementation here, which optimizes
for a constant 'size' argument, and turns the common case into a
single comparison.

Cc: stable@vger.kernel.org
Fixes: da551281947c ("csky: User access")
Fixes: f663b60f5215 ("microblaze: Fix uaccess_ok macro")
Fixes: 7567746e1c0d ("Hexagon: Add user access functions")
Reported-by: David Laight <David.Laight@aculab.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/csky/include/asm/uaccess.h		diff \| blob \| blame \| history
arch/hexagon/include/asm/uaccess.h		diff \| blob \| blame \| history
arch/microblaze/include/asm/uaccess.h		diff \| blob \| blame \| history