On Mon, Apr 12, 2021 at 11:02:19AM +0800, Tiezhu Yang wrote: > On 04/11/2021 07:04 PM, Jinyang He wrote: > > Commit 04324f44cb69 ("MIPS: Remove get_fs/set_fs") brought a problem for > > strnlen_user(). Jump out when checking access_ok() with condition that > > (s + strlen(s)) < __UA_LIMIT <= (s + n). The old __strnlen_user_asm() > > just checked (ua_limit & s) without checking (ua_limit & (s + n)). > > Therefore, find strlen from s to __UA_LIMIT - 1 in that condition. > > > > Signed-off-by: Jinyang He <hejinyang@xxxxxxxxxxx> > > --- > > arch/mips/include/asm/uaccess.h | 11 +++++++++-- > > 1 file changed, 9 insertions(+), 2 deletions(-) > > > > diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h > > index 91bc7fb..85ba0c8 100644 > > --- a/arch/mips/include/asm/uaccess.h > > +++ b/arch/mips/include/asm/uaccess.h > > @@ -630,8 +630,15 @@ static inline long strnlen_user(const char __user *s, long n) > > { > > long res; > > - if (!access_ok(s, n)) > > - return -0; > > + if (unlikely(n <= 0)) > > + return 0; > > + > > + if (!access_ok(s, n)) { > > + if (!access_ok(s, 0)) > > + return 0; > > + > > + n = __UA_LIMIT - (unsigned long)s - 1; > > + } > > might_fault(); > > __asm__ __volatile__( > > The following simple changes are OK to fix this issue? > > diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h > index 91bc7fb..eafc99b 100644 > --- a/arch/mips/include/asm/uaccess.h > +++ b/arch/mips/include/asm/uaccess.h > @@ -630,8 +630,8 @@ static inline long strnlen_user(const char __user *s, long n) > { > long res; > - if (!access_ok(s, n)) > - return -0; > + if (!access_ok(s, 1)) > + return 0; > might_fault(); > __asm__ __volatile__( that's the fix I'd like to apply. Could someone send it as a formal patch? Thanks. Thomas. -- Crap can work. Given enough thrust pigs will fly, but it's not necessarily a good idea. [ RFC1925, 2.3 ]
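Review bot: In the first patch (index 91bc7fb..85ba0c8), the clamp `n = __UA_LIMIT - (unsigned long)s - 1;` runs after the `n <= 0` guard, so the recomputed `n` is never re-checked before it reaches the asm. If `s` sits right at the boundary, the new value can be zero, and the unsigned-to-long assignment gives no protection against an unexpected result. Either recheck `n` after the clamp or move the `n <= 0` test below the `access_ok()` block. The `- 1` and the reliance on `access_ok(s, 0)` accepting a zero-length range both deserve a one-line comment, since neither is explained in the hunk.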
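Review bot: In the second patch (index 91bc7fb..eafc99b), replacing `access_ok(s, n)` with `access_ok(s, 1)` means `n` is no longer validated by anything in the visible lines: a non-positive `n`, or a range `[s, s + n)` that crosses the user limit, now depends entirely on the per-address check inside the asm helper, which the hunk does not show. Please add a comment above the check stating that only the first byte is validated here and that the helper stops the scan at the limit, and consider keeping an explicit early return for `n <= 0`. The formal submission also needs a commit message and Signed-off-by, which the inline diff lacks.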