| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Aug 2021 14:54:17 +0800
From: Huacai Chen <chenhuacai@...ngson.cn>
To: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Darren Hart <dvhart@...radead.org>,
Davidlohr Bueso <dave@...olabs.net>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>
Cc: linux-mips@...r.kernel.org, linux-kernel@...r.kernel.org,
Xuefeng Li <lixuefeng@...ngson.cn>,
Huacai Chen <chenhuacai@...il.com>,
Jiaxun Yang <jiaxun.yang@...goat.com>,
Huacai Chen <chenhuacai@...ngson.cn>,
Hongchen Zhang <zhanghongchen@...ngson.cn>
Subject: [PATCH] futex: Fix fault_in_user_writeable()
fault_in_user_writeable() should verify R/W access but only verify W. In
most archs W implies R, but not true in MIPS and LoongArch, so fix it.
Signed-off-by: Huacai Chen <chenhuacai@...ngson.cn>
Signed-off-by: Hongchen Zhang <zhanghongchen@...ngson.cn>
---
kernel/futex.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index 2ecb07575055..c3b68be31bf3 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -672,10 +672,15 @@ static int get_futex_key(u32 __user *uaddr, bool fshared, union futex_key *key,
*/
static int fault_in_user_writeable(u32 __user *uaddr)
{
- struct mm_struct *mm = current->mm;
int ret;
+ struct mm_struct *mm = current->mm;
+ struct vm_area_struct *vma;
mmap_read_lock(mm);
+ vma = find_vma(mm, (unsigned long)uaddr);
+ if (!(vma->vm_flags & VM_READ))
+ ret = -EFAULT;
+
ret = fixup_user_fault(mm, (unsigned long)uaddr,
FAULT_FLAG_WRITE, NULL);
mmap_read_unlock(mm);
--
2.27.0
Powered by blists - more mailing lists