| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250811140324.321751-1-longman@redhat.com>
Date: Mon, 11 Aug 2025 10:03:24 -0400
From: Waiman Long <longman@...hat.com>
To: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Darren Hart <dvhart@...radead.org>,
Davidlohr Bueso <dave@...olabs.net>,
André Almeida <andrealmeid@...lia.com>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: linux-kernel@...r.kernel.org,
Waiman Long <longman@...hat.com>
Subject: [PATCH v2] futex: Use user_write_access_begin/_end() in futex_put_value()
Commit cec199c5e39b ("futex: Implement FUTEX2_NUMA") introduces a new
futex_put_value() helper function to write a value to the given user
address. However, it uses user_read_access_begin() before the write.
For arches that differentiate between read and write accesses, like
powerpc, futex_put_value() fails with a -EFAULT return value. Fix that
by using the user_write_access_begin/user_write_access_end() pair.
Fixes: cec199c5e39b ("futex: Implement FUTEX2_NUMA")
Signed-off-by: Waiman Long <longman@...hat.com>
---
kernel/futex/futex.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/futex/futex.h b/kernel/futex/futex.h
index c74eac572acd..ebe9e755b3b5 100644
--- a/kernel/futex/futex.h
+++ b/kernel/futex/futex.h
@@ -319,10 +319,10 @@ static __always_inline int futex_put_value(u32 val, u32 __user *to)
{
if (can_do_masked_user_access())
to = masked_user_access_begin(to);
- else if (!user_read_access_begin(to, sizeof(*to)))
+ else if (!user_write_access_begin(to, sizeof(*to)))
return -EFAULT;
unsafe_put_user(val, to, Efault);
- user_read_access_end();
+ user_write_access_end();
return 0;
Efault:
user_read_access_end();
--
2.50.1
Powered by blists - more mailing lists