Patch "ARM: 9290/1: uaccess: Fix KASAN false-positives" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ARM: 9290/1: uaccess: Fix KASAN false-positives

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     arm-9290-1-uaccess-fix-kasan-false-positives.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 11fe8a9cf1208194cc55a89d8a8648d530cd6b29
Author: Andrew Jeffery <andrew@xxxxxxxx>
Date:   Wed Feb 22 00:10:14 2023 +0100

    ARM: 9290/1: uaccess: Fix KASAN false-positives
    
    [ Upstream commit ceac10c83b330680cc01ceaaab86cd49f4f30d81 ]
    
    __copy_to_user_memcpy() and __clear_user_memset() had been calling
    memcpy() and memset() respectively, leading to false-positive KASAN
    reports when starting userspace:
    
        [   10.707901] Run /init as init process
        [   10.731892] process '/bin/busybox' started with executable stack
        [   10.745234] ==================================================================
        [   10.745796] BUG: KASAN: user-memory-access in __clear_user_memset+0x258/0x3ac
        [   10.747260] Write of size 2687 at addr 000de581 by task init/1
    
    Use __memcpy() and __memset() instead to allow userspace access, which
    is of course the intent of these functions.
    
    Signed-off-by: Andrew Jeffery <andrew@xxxxxxxx>
    Signed-off-by: Zev Weiss <zev@xxxxxxxxxxxxxxxxx>
    Reviewed-by: Arnd Bergmann <arnd@xxxxxxxx>
    Signed-off-by: Russell King (Oracle) <rmk+kernel@xxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c
index 14eecaaf295fa..e4c2677cc1e9e 100644
--- a/arch/arm/lib/uaccess_with_memcpy.c
+++ b/arch/arm/lib/uaccess_with_memcpy.c
@@ -116,7 +116,7 @@ __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
 			tocopy = n;
 
 		ua_flags = uaccess_save_and_enable();
-		memcpy((void *)to, from, tocopy);
+		__memcpy((void *)to, from, tocopy);
 		uaccess_restore(ua_flags);
 		to += tocopy;
 		from += tocopy;
@@ -178,7 +178,7 @@ __clear_user_memset(void __user *addr, unsigned long n)
 			tocopy = n;
 
 		ua_flags = uaccess_save_and_enable();
-		memset((void *)addr, 0, tocopy);
+		__memset((void *)addr, 0, tocopy);
 		uaccess_restore(ua_flags);
 		addr += tocopy;
 		n -= tocopy;



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux