fix fault_in_multipages_...() on architectures with no-op access_ok() - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Al Viro <viro@ZenIV.linux.org.uk>	2016-09-20 20:07:42 +0100
committer	Mister Oyster <oysterized@gmail.com>	2017-04-11 10:58:01 +0200
commit	4e1b1e7e55641083832a07b3098357337db6c055 (patch)
tree	b0207049317f78735be273916d18958b85e5a174 /scripts/cleanpatch
parent	d90feec93190ac9e24cc2a321c2ced61c1db29de (diff)

fix fault_in_multipages_...() on architectures with no-op access_ok()

commit e23d4159b109167126e5bcd7f3775c95de7fee47 upstream. Switching iov_iter fault-in to multipages variants has exposed an old bug in underlying fault_in_multipages_...(); they break if the range passed to them wraps around. Normally access_ok() done by callers will prevent such (and it's a guaranteed EFAULT - ERR_PTR() values fall into such a range and they should not point to any valid objects). However, on architectures where userland and kernel live in different MMU contexts (e.g. s390) access_ok() is a no-op and on those a range with a wraparound can reach fault_in_multipages_...(). Since any wraparound means EFAULT there, the fix is trivial - turn those while (uaddr <= end) ... into if (unlikely(uaddr > end)) return -EFAULT; do ... while (uaddr <= end); Reported-by: Jan Stancek <jstancek@redhat.com> Tested-by: Jan Stancek <jstancek@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Willy Tarreau <w@1wt.eu>

Diffstat (limited to 'scripts/cleanpatch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: