The patch titled
Subject: prctl: use access_ok() instead of TASK_SIZE in prctl_set_mm()
has been added to the -mm tree. Its filename is
prctl-use-access_ok-instead-of-task_size-in-prctl_set_mm.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Cyrill Gorcunov <gorcunov@xxxxxxxxxx>
Subject: prctl: use access_ok() instead of TASK_SIZE in prctl_set_mm()
Eric pointed that better to use access_ok instead of TASK_SIZE for testing
if address is allowed for use.
Reported-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Cyrill Gorcunov <gorcunov@xxxxxxxxxx>
Cc: Mark Salter <msalter@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Pavel Emelyanov <xemul@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
kernel/sys.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -puN kernel/sys.c~prctl-use-access_ok-instead-of-task_size-in-prctl_set_mm kernel/sys.c
--- a/kernel/sys.c~prctl-use-access_ok-instead-of-task_size-in-prctl_set_mm
+++ a/kernel/sys.c
@@ -1865,7 +1865,7 @@ static int prctl_set_mm(int opt, unsigne
if (opt == PR_SET_MM_EXE_FILE)
return prctl_set_mm_exe_file(mm, (unsigned int)addr);
- if (addr >= TASK_SIZE || addr < mmap_min_addr)
+ if (!access_ok(VERIFY_READ, addr, sizeof(addr)) || addr < mmap_min_addr)
return -EINVAL;
error = -EINVAL;
_
Patches currently in -mm which might be from gorcunov@xxxxxxxxxx are
checksyscalls-fix-here-document-handling.patch
c-r-prctl-fix-build-error-for-no-mmu-case.patch
linux-next.patch
prctl-use-access_ok-instead-of-task_size-in-prctl_set_mm.patch
x86-pat-remove-the-dependency-on-vm_pgoff-in-track-untrack-pfn-vma-routines.patch
x86-pat-separate-the-pfn-attribute-tracking-for-remap_pfn_range-and-vm_insert_pfn.patch
mm-x86-pat-rework-linear-pfn-mmap-tracking.patch
mm-introduce-arch-specific-vma-flag-vm_arch_1.patch
mm-kill-vma-flag-vm_insertpage.patch
mm-kill-vma-flag-vm_can_nonlinear.patch
mm-use-mm-exe_file-instead-of-first-vm_executable-vma-vm_file.patch
mm-kill-vma-flag-vm_executable-and-mm-num_exe_file_vmas.patch
mm-prepare-vm_dontdump-for-using-in-drivers.patch
mm-kill-vma-flag-vm_reserved-and-mm-reserved_vm-counter.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
