lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20080918151908.9857ba64.akpm@linux-foundation.org>
Date:	Thu, 18 Sep 2008 15:19:08 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>
Cc:	mingo@...e.hu, linux-kernel@...r.kernel.org,
	linux-next@...r.kernel.org
Subject: Re: [PATCH -tip] uaccess: fix parameters inversion for
 __copy_from_user_inatomic()

On Mon, 15 Sep 2008 18:04:26 -0700
Hiroshi Shimamoto <h-shimamoto@...jp.nec.com> wrote:

> From: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>
> 
> The following patch changes to use __copy_from_user_inatomic(),
> but the passing parameters incorrect.
> 
>     x86: some lock annotations for user copy paths, v3
> 
>     - add annotation back to clear_user()
>     - change probe_kernel_address() to _inatomic*() method
> 
> Signed-off-by: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>
> ---
>  include/linux/uaccess.h |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> index 2062293..6b58367 100644
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -78,7 +78,7 @@ static inline unsigned long __copy_from_user_nocache(void *to,
>  							\
>  		set_fs(KERNEL_DS);			\
>  		pagefault_disable();			\
> -		ret = __copy_from_user_inatomic((__force typeof(retval) __user *)(addr), &(retval), sizeof(retval));		\
> +		ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval));		\
>  		pagefault_enable();			\
>  		set_fs(old_fs);				\
>  		ret;					\

The bug which this fixes was merged into linux-next-20080918, and
manifests as squillions of messages like

[   58.693759] SLAB: cache with size 65536 has lost its name
[   58.693926] SLAB: cache with size 65536 has lost its name
[   58.694095] SLAB: cache with size 32768 has lost its name
[   58.694261] SLAB: cache with size 32768 has lost its name
[   58.694434] SLAB: cache with size 16384 has lost its name
[   58.694606] SLAB: cache with size 16384 has lost its name
[   58.694773] SLAB: cache with size 8192 has lost its name
[   58.694940] SLAB: cache with size 8192 has lost its name
[   58.695101] SLAB: cache with size 4096 has lost its name

so this version of linux-next (which will be the most-recent
version of linux-next for the next three weeks) will need this patch:


--- a/include/linux/uaccess.h~uaccess-fix-parameters-inversion-for-__copy_from_user_inatomic
+++ a/include/linux/uaccess.h
@@ -78,7 +78,7 @@ static inline unsigned long __copy_from_
 							\
 		set_fs(KERNEL_DS);			\
 		pagefault_disable();			\
-		ret = __copy_from_user_inatomic((__force typeof(retval) __user *)(addr), &(retval), sizeof(retval));		\
+		ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval));		\
 		pagefault_enable();			\
 		set_fs(old_fs);				\
 		ret;					\
_

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ