lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Apr 2019 15:24:59 +0200 From: Andrey Konovalov <andreyknvl@...gle.com> To: linux-arm-kernel@...ts.infradead.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org, amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org, linux-rdma@...r.kernel.org, linux-media@...r.kernel.org, kvm@...r.kernel.org, linux-kselftest@...r.kernel.org Cc: Catalin Marinas <catalin.marinas@....com>, Vincenzo Frascino <vincenzo.frascino@....com>, Will Deacon <will.deacon@....com>, Mark Rutland <mark.rutland@....com>, Andrew Morton <akpm@...ux-foundation.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Kees Cook <keescook@...omium.org>, Yishai Hadas <yishaih@...lanox.com>, Kuehling@...gle.com, Felix <Felix.Kuehling@....com>, Deucher@...gle.com, Alexander <Alexander.Deucher@....com>, Koenig@...gle.com, Christian <Christian.Koenig@....com>, Mauro Carvalho Chehab <mchehab@...nel.org>, Jens Wiklander <jens.wiklander@...aro.org>, Alex Williamson <alex.williamson@...hat.com>, Leon Romanovsky <leon@...nel.org>, Dmitry Vyukov <dvyukov@...gle.com>, Kostya Serebryany <kcc@...gle.com>, Evgeniy Stepanov <eugenis@...gle.com>, Lee Smith <Lee.Smith@....com>, Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>, Jacob Bramley <Jacob.Bramley@....com>, Ruben Ayrapetyan <Ruben.Ayrapetyan@....com>, Robin Murphy <robin.murphy@....com>, Chintan Pandya <cpandya@...eaurora.org>, Luc Van Oostenryck <luc.vanoostenryck@...il.com>, Dave Martin <Dave.Martin@....com>, Kevin Brodsky <kevin.brodsky@....com>, Szabolcs Nagy <Szabolcs.Nagy@....com>, Andrey Konovalov <andreyknvl@...gle.com> Subject: [PATCH v14 03/17] lib, arm64: untag user pointers in strn*_user This patch is a part of a series that extends arm64 kernel ABI to allow to pass tagged user pointers (with the top byte set to something else other than 0x00) as syscall arguments. strncpy_from_user and strnlen_user accept user addresses as arguments, and do not go through the same path as copy_from_user and others, so here we need to handle the case of tagged user addresses separately. Untag user pointers passed to these functions. Note, that this patch only temporarily untags the pointers to perform validity checks, but then uses them as is to perform user memory accesses. Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com> --- lib/strncpy_from_user.c | 3 ++- lib/strnlen_user.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index 58eacd41526c..6209bb9507c7 100644 --- a/lib/strncpy_from_user.c +++ b/lib/strncpy_from_user.c @@ -6,6 +6,7 @@ #include <linux/uaccess.h> #include <linux/kernel.h> #include <linux/errno.h> +#include <linux/mm.h> #include <asm/byteorder.h> #include <asm/word-at-a-time.h> @@ -107,7 +108,7 @@ long strncpy_from_user(char *dst, const char __user *src, long count) return 0; max_addr = user_addr_max(); - src_addr = (unsigned long)src; + src_addr = (unsigned long)untagged_addr(src); if (likely(src_addr < max_addr)) { unsigned long max = max_addr - src_addr; long retval; diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c index 1c1a1b0e38a5..8ca3d2ac32ec 100644 --- a/lib/strnlen_user.c +++ b/lib/strnlen_user.c @@ -2,6 +2,7 @@ #include <linux/kernel.h> #include <linux/export.h> #include <linux/uaccess.h> +#include <linux/mm.h> #include <asm/word-at-a-time.h> @@ -109,7 +110,7 @@ long strnlen_user(const char __user *str, long count) return 0; max_addr = user_addr_max(); - src_addr = (unsigned long)str; + src_addr = (unsigned long)untagged_addr(str); if (likely(src_addr < max_addr)) { unsigned long max = max_addr - src_addr; long retval; -- 2.21.0.593.g511ec345e18-goog
Powered by blists - more mailing lists