From: Greg Kroah-Hartman Date: Wed, 27 May 2020 15:29:17 +0000 (+0200) Subject: drop queue-4.19/make-user_access_begin-do-access_ok.patch X-Git-Tag: v4.19.125~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d501220661b6733fd2432c22ce172b81a42fa4af;p=thirdparty%2Fkernel%2Fstable-queue.git drop queue-4.19/make-user_access_begin-do-access_ok.patch --- diff --git a/queue-4.19/make-user_access_begin-do-access_ok.patch b/queue-4.19/make-user_access_begin-do-access_ok.patch deleted file mode 100644 index 8596430889d..00000000000 --- a/queue-4.19/make-user_access_begin-do-access_ok.patch +++ /dev/null @@ -1,191 +0,0 @@ -From 594cc251fdd0d231d342d88b2fdff4bc42fb0690 Mon Sep 17 00:00:00 2001 -From: Linus Torvalds -Date: Fri, 4 Jan 2019 12:56:09 -0800 -Subject: make 'user_access_begin()' do 'access_ok()' - -From: Linus Torvalds - -commit 594cc251fdd0d231d342d88b2fdff4bc42fb0690 upstream. - -Originally, the rule used to be that you'd have to do access_ok() -separately, and then user_access_begin() before actually doing the -direct (optimized) user access. - -But experience has shown that people then decide not to do access_ok() -at all, and instead rely on it being implied by other operations or -similar. Which makes it very hard to verify that the access has -actually been range-checked. - -If you use the unsafe direct user accesses, hardware features (either -SMAP - Supervisor Mode Access Protection - on x86, or PAN - Privileged -Access Never - on ARM) do force you to use user_access_begin(). But -nothing really forces the range check. - -By putting the range check into user_access_begin(), we actually force -people to do the right thing (tm), and the range check vill be visible -near the actual accesses. We have way too long a history of people -trying to avoid them. - -Signed-off-by: Linus Torvalds -Signed-off-by: Ashwin H -Signed-off-by: Greg Kroah-Hartman ---- - arch/x86/include/asm/uaccess.h | 11 ++++++++++- - drivers/gpu/drm/i915/i915_gem_execbuffer.c | 15 +++++++++++++-- - include/linux/uaccess.h | 2 +- - kernel/compat.c | 6 ++---- - kernel/exit.c | 6 ++---- - lib/strncpy_from_user.c | 9 +++++---- - lib/strnlen_user.c | 9 +++++---- - 7 files changed, 38 insertions(+), 20 deletions(-) - ---- a/arch/x86/include/asm/uaccess.h -+++ b/arch/x86/include/asm/uaccess.h -@@ -711,7 +711,16 @@ extern struct movsl_mask { - * checking before using them, but you have to surround them with the - * user_access_begin/end() pair. - */ --#define user_access_begin() __uaccess_begin() -+static __must_check inline bool user_access_begin(const bool type, -+ const void __user *ptr, -+ size_t len) -+{ -+ if (unlikely(!access_ok(type, ptr, len))) -+ return 0; -+ __uaccess_begin(); -+ return 1; -+} -+#define user_access_begin(t, a, b) user_access_begin(t, a, b) - #define user_access_end() __uaccess_end() - - #define unsafe_put_user(x, ptr, err_label) \ ---- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c -+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -1604,7 +1604,9 @@ static int eb_copy_relocations(const str - * happened we would make the mistake of assuming that the - * relocations were valid. - */ -- user_access_begin(); -+ if (!user_access_begin(VERIFY_WRITE, urelocs, size)) -+ goto end_user; -+ - for (copied = 0; copied < nreloc; copied++) - unsafe_put_user(-1, - &urelocs[copied].presumed_offset, -@@ -2649,7 +2651,16 @@ i915_gem_execbuffer2_ioctl(struct drm_de - unsigned int i; - - /* Copy the new buffer offsets back to the user's exec list. */ -- user_access_begin(); -+ /* -+ * Note: count * sizeof(*user_exec_list) does not overflow, -+ * because we checked 'count' in check_buffer_count(). -+ * -+ * And this range already got effectively checked earlier -+ * when we did the "copy_from_user()" above. -+ */ -+ if (!user_access_begin(VERIFY_WRITE, user_exec_list, count * sizeof(*user_exec_list))) -+ goto end_user; -+ - for (i = 0; i < args->buffer_count; i++) { - if (!(exec2_list[i].offset & UPDATE)) - continue; ---- a/include/linux/uaccess.h -+++ b/include/linux/uaccess.h -@@ -267,7 +267,7 @@ extern long strncpy_from_unsafe(char *ds - probe_kernel_read(&retval, addr, sizeof(retval)) - - #ifndef user_access_begin --#define user_access_begin() do { } while (0) -+#define user_access_begin(type, ptr, len) access_ok(type, ptr, len) - #define user_access_end() do { } while (0) - #define unsafe_get_user(x, ptr, err) do { if (unlikely(__get_user(x, ptr))) goto err; } while (0) - #define unsafe_put_user(x, ptr, err) do { if (unlikely(__put_user(x, ptr))) goto err; } while (0) ---- a/kernel/compat.c -+++ b/kernel/compat.c -@@ -354,10 +354,9 @@ long compat_get_bitmap(unsigned long *ma - bitmap_size = ALIGN(bitmap_size, BITS_PER_COMPAT_LONG); - nr_compat_longs = BITS_TO_COMPAT_LONGS(bitmap_size); - -- if (!access_ok(VERIFY_READ, umask, bitmap_size / 8)) -+ if (!user_access_begin(VERIFY_READ, umask, bitmap_size / 8)) - return -EFAULT; - -- user_access_begin(); - while (nr_compat_longs > 1) { - compat_ulong_t l1, l2; - unsafe_get_user(l1, umask++, Efault); -@@ -384,10 +383,9 @@ long compat_put_bitmap(compat_ulong_t __ - bitmap_size = ALIGN(bitmap_size, BITS_PER_COMPAT_LONG); - nr_compat_longs = BITS_TO_COMPAT_LONGS(bitmap_size); - -- if (!access_ok(VERIFY_WRITE, umask, bitmap_size / 8)) -+ if (!user_access_begin(VERIFY_WRITE, umask, bitmap_size / 8)) - return -EFAULT; - -- user_access_begin(); - while (nr_compat_longs > 1) { - unsigned long m = *mask++; - unsafe_put_user((compat_ulong_t)m, umask++, Efault); ---- a/kernel/exit.c -+++ b/kernel/exit.c -@@ -1617,10 +1617,9 @@ SYSCALL_DEFINE5(waitid, int, which, pid_ - if (!infop) - return err; - -- if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop))) -+ if (!user_access_begin(VERIFY_WRITE, infop, sizeof(*infop))) - return -EFAULT; - -- user_access_begin(); - unsafe_put_user(signo, &infop->si_signo, Efault); - unsafe_put_user(0, &infop->si_errno, Efault); - unsafe_put_user(info.cause, &infop->si_code, Efault); -@@ -1745,10 +1744,9 @@ COMPAT_SYSCALL_DEFINE5(waitid, - if (!infop) - return err; - -- if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop))) -+ if (!user_access_begin(VERIFY_WRITE, infop, sizeof(*infop))) - return -EFAULT; - -- user_access_begin(); - unsafe_put_user(signo, &infop->si_signo, Efault); - unsafe_put_user(0, &infop->si_errno, Efault); - unsafe_put_user(info.cause, &infop->si_code, Efault); ---- a/lib/strncpy_from_user.c -+++ b/lib/strncpy_from_user.c -@@ -115,10 +115,11 @@ long strncpy_from_user(char *dst, const - - kasan_check_write(dst, count); - check_object_size(dst, count, false); -- user_access_begin(); -- retval = do_strncpy_from_user(dst, src, count, max); -- user_access_end(); -- return retval; -+ if (user_access_begin(VERIFY_READ, src, max)) { -+ retval = do_strncpy_from_user(dst, src, count, max); -+ user_access_end(); -+ return retval; -+ } - } - return -EFAULT; - } ---- a/lib/strnlen_user.c -+++ b/lib/strnlen_user.c -@@ -114,10 +114,11 @@ long strnlen_user(const char __user *str - unsigned long max = max_addr - src_addr; - long retval; - -- user_access_begin(); -- retval = do_strnlen_user(str, count, max); -- user_access_end(); -- return retval; -+ if (user_access_begin(VERIFY_READ, str, max)) { -+ retval = do_strnlen_user(str, count, max); -+ user_access_end(); -+ return retval; -+ } - } - return 0; - } diff --git a/queue-4.19/series b/queue-4.19/series index a7f23b20556..591b062a2e4 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -78,4 +78,3 @@ iio-adc-stm32-dfsdm-use-dma_request_chan-instead-dma.patch iio-adc-stm32-dfsdm-fix-device-used-to-request-dma.patch rxrpc-trace-discarded-acks.patch rxrpc-fix-ack-discard.patch -make-user_access_begin-do-access_ok.patch