This patch fixes CVE-2018-20669 in 4.19 tree. On 13/05/20, 11:36 AM, "Greg KH" <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: On Wed, May 13, 2020 at 07:19:21AM +0530, ashwin-h wrote: > From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > > commit 594cc251fdd0d231d342d88b2fdff4bc42fb0690 upstream. > > Originally, the rule used to be that you'd have to do access_ok() > separately, and then user_access_begin() before actually doing the > direct (optimized) user access. > > But experience has shown that people then decide not to do access_ok() > at all, and instead rely on it being implied by other operations or > similar. Which makes it very hard to verify that the access has > actually been range-checked. > > If you use the unsafe direct user accesses, hardware features (either > SMAP - Supervisor Mode Access Protection - on x86, or PAN - Privileged > Access Never - on ARM) do force you to use user_access_begin(). But > nothing really forces the range check. > > By putting the range check into user_access_begin(), we actually force > people to do the right thing (tm), and the range check vill be visible > near the actual accesses. We have way too long a history of people > trying to avoid them. > > Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Ashwin H <ashwinh@xxxxxxxxxx> > --- > arch/x86/include/asm/uaccess.h | 11 ++++++++++- > drivers/gpu/drm/i915/i915_gem_execbuffer.c | 15 +++++++++++++-- > include/linux/uaccess.h | 2 +- > kernel/compat.c | 6 ++---- > kernel/exit.c | 6 ++---- > lib/strncpy_from_user.c | 9 +++++---- > lib/strnlen_user.c | 9 +++++---- > 7 files changed, 38 insertions(+), 20 deletions(-) Are you wanting this merged to a specific stable kernel tree? If so, why? thanks, greg k-h _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx