lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <80c6df0717014472aa81093ae3894d39@AcuMS.aculab.com>
Date:   Thu, 10 Feb 2022 09:36:41 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Arnd Bergmann' <arnd@...nel.org>, Michal Simek <monstr@...str.eu>
CC:     Christoph Hellwig <hch@...radead.org>,
        Arnd Bergmann <arnd@...db.de>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] microblaze: remove CONFIG_SET_FS

From: Arnd
> Sent: 09 February 2022 14:49
> 
> Remove the address space override API set_fs().  The microblaze user
> address space is now limited to TASK_SIZE.
> 
> To support this we implement and wire in __get_kernel_nofault and
> __set_kernel_nofault.
> 
> The function user_addr_max is removed as there is a default definition
> provided when CONFIG_SET_FS is not used.
...
>  static inline int access_ok(const void __user *addr, unsigned long size)
>  {
>  	if (!size)
>  		goto ok;
> 
> -	if ((get_fs().seg < ((unsigned long)addr)) ||
> -			(get_fs().seg < ((unsigned long)addr + size - 1))) {
> -		pr_devel("ACCESS fail at 0x%08x (size 0x%x), seg 0x%08x\n",
> -			(__force u32)addr, (u32)size,
> -			(u32)get_fs().seg);
> +	if ((((unsigned long)addr) > TASK_SIZE) ||
> +	    (((unsigned long)addr + size - 1) > TASK_SIZE)) {
> +		pr_devel("ACCESS fail at 0x%08x (size 0x%x)",
> +			(__force u32)addr, (u32)size);
>  		return 0;

Isn't that the wrong check?
If 'size' is big 'addr + size' can wrap.

It needs to be (addr >= TASK_SIZE || size > TASK_SIZE - addr)

Which is pretty much a generic version.
Although typical 64bit architectures can use the faster:
	((addr | size) >> 62)

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ