| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230215023706.19453-1-zev@bewilderbeest.net>
Date: Tue, 14 Feb 2023 18:37:06 -0800
From: Zev Weiss <zev@...ilderbeest.net>
To: linux-arm-kernel@...ts.infradead.org, kasan-dev@...glegroups.com
Cc: Andrew Jeffery <andrew@...id.au>,
Anshuman Khandual <anshuman.khandual@....com>,
Arnd Bergmann <arnd@...db.de>,
Dinh Nguyen <dinguyen@...nel.org>,
Russell King <linux@...linux.org.uk>,
Sam Ravnborg <sam@...nborg.org>,
Stafford Horne <shorne@...il.com>,
Zev Weiss <zev@...ilderbeest.net>,
linux-kernel@...r.kernel.org, openbmc@...ts.ozlabs.org,
Andrey Ryabinin <ryabinin.a.a@...il.com>,
Alexander Potapenko <glider@...gle.com>,
Andrey Konovalov <andreyknvl@...il.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Vincenzo Frascino <vincenzo.frascino@....com>
Subject: [PATCH] ARM: uaccess: Fix KASAN false-positives
From: Andrew Jeffery <andrew@...id.au>
__copy_to_user_memcpy() and __clear_user_memset() had been calling
memcpy() and memset() respectively, leading to false-positive KASAN
reports when starting userspace:
[ 10.707901] Run /init as init process
[ 10.731892] process '/bin/busybox' started with executable stack
[ 10.745234] ==================================================================
[ 10.745796] BUG: KASAN: user-memory-access in __clear_user_memset+0x258/0x3ac
[ 10.747260] Write of size 2687 at addr 000de581 by task init/1
Use __memcpy() and __memset() instead to allow userspace access, which
is of course the intent of these functions.
Signed-off-by: Andrew Jeffery <andrew@...id.au>
Signed-off-by: Zev Weiss <zev@...ilderbeest.net>
---
arch/arm/lib/uaccess_with_memcpy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c
index 14eecaaf295f..e4c2677cc1e9 100644
--- a/arch/arm/lib/uaccess_with_memcpy.c
+++ b/arch/arm/lib/uaccess_with_memcpy.c
@@ -116,7 +116,7 @@ __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
tocopy = n;
ua_flags = uaccess_save_and_enable();
- memcpy((void *)to, from, tocopy);
+ __memcpy((void *)to, from, tocopy);
uaccess_restore(ua_flags);
to += tocopy;
from += tocopy;
@@ -178,7 +178,7 @@ __clear_user_memset(void __user *addr, unsigned long n)
tocopy = n;
ua_flags = uaccess_save_and_enable();
- memset((void *)addr, 0, tocopy);
+ __memset((void *)addr, 0, tocopy);
uaccess_restore(ua_flags);
addr += tocopy;
n -= tocopy;
--
2.39.1.438.g79fd386332e5.dirty
Powered by blists - more mailing lists