fix fault_in_multipages_...() on architectures with no-op access_ok() - linux.git

diff options

author	Al Viro <viro@ZenIV.linux.org.uk>	2016-09-20 20:07:42 +0100
committer	Sasha Levin <alexander.levin@verizon.com>	2016-10-03 12:58:36 -0400
commit	01e893ae13ae22a799e3323445af759bbf00381d (patch)
tree	64de0fb7c212d98891d19a1f42407b4630f4be46 /fs
parent	8b915554cd8533de3ad32b2294d62be257a9c2bf (diff)

fix fault_in_multipages_...() on architectures with no-op access_ok()

[ Upstream commit e23d4159b109167126e5bcd7f3775c95de7fee47 ] Switching iov_iter fault-in to multipages variants has exposed an old bug in underlying fault_in_multipages_...(); they break if the range passed to them wraps around. Normally access_ok() done by callers will prevent such (and it's a guaranteed EFAULT - ERR_PTR() values fall into such a range and they should not point to any valid objects). However, on architectures where userland and kernel live in different MMU contexts (e.g. s390) access_ok() is a no-op and on those a range with a wraparound can reach fault_in_multipages_...(). Since any wraparound means EFAULT there, the fix is trivial - turn those while (uaddr <= end) ... into if (unlikely(uaddr > end)) return -EFAULT; do ... while (uaddr <= end); Reported-by: Jan Stancek <jstancek@redhat.com> Tested-by: Jan Stancek <jstancek@redhat.com> Cc: stable@vger.kernel.org # v3.5+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@verizon.com>

Diffstat (limited to 'fs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: