This is a note to let you know that I've just added the patch titled
asm-generic: make get_user() clear the destination on errors
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
asm-generic-make-get_user-clear-the-destination-on-errors.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 9ad18b75c2f6e4a78ce204e79f37781f8815c0fa Mon Sep 17 00:00:00 2001
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Aug 2016 23:19:01 -0400
Subject: asm-generic: make get_user() clear the destination on errors
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
commit 9ad18b75c2f6e4a78ce204e79f37781f8815c0fa upstream.
both for access_ok() failures and for faults halfway through
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
include/asm-generic/uaccess.h | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/include/asm-generic/uaccess.h
+++ b/include/asm-generic/uaccess.h
@@ -230,14 +230,18 @@ extern int __put_user_bad(void) __attrib
might_fault(); \
access_ok(VERIFY_READ, __p, sizeof(*ptr)) ? \
__get_user((x), (__typeof__(*(ptr)) *)__p) : \
- -EFAULT; \
+ ((x) = (__typeof__(*(ptr)))0,-EFAULT); \
})
#ifndef __get_user_fn
static inline int __get_user_fn(size_t size, const void __user *ptr, void *x)
{
- size = __copy_from_user(x, ptr, size);
- return size ? -EFAULT : size;
+ size_t n = __copy_from_user(x, ptr, size);
+ if (unlikely(n)) {
+ memset(x + (size - n), 0, n);
+ return -EFAULT;
+ }
+ return 0;
}
#define __get_user_fn(sz, u, k) __get_user_fn(sz, u, k)
Patches currently in stable-queue which might be from viro@xxxxxxxxxxxxxxxxxx are
queue-4.4/nios2-copy_from_user-should-zero-the-tail-of-destination.patch
queue-4.4/m32r-fix-__get_user.patch
queue-4.4/microblaze-fix-copy_from_user.patch
queue-4.4/cris-buggered-copy_from_user-copy_to_user-clear_user.patch
queue-4.4/asm-generic-make-copy_from_user-zero-the-destination-properly.patch
queue-4.4/metag-copy_from_user-should-zero-the-destination-on-access_ok-failure.patch
queue-4.4/score-fix-__get_user-get_user.patch
queue-4.4/parisc-fix-copy_from_user.patch
queue-4.4/mips-copy_from_user-must-zero-the-destination-on-access_ok-failure.patch
queue-4.4/alpha-fix-copy_from_user.patch
queue-4.4/mn10300-failing-__get_user-and-get_user-should-zero.patch
queue-4.4/openrisc-fix-copy_from_user.patch
queue-4.4/avr32-fix-copy_from_user.patch
queue-4.4/score-fix-copy_from_user-and-friends.patch
queue-4.4/sh64-failing-__get_user-should-zero.patch
queue-4.4/arc-uaccess-get_user-to-zero-out-dest-in-cause-of-fault.patch
queue-4.4/hexagon-fix-strncpy_from_user-error-return.patch
queue-4.4/frv-fix-clear_user.patch
queue-4.4/fix-minor-infoleak-in-get_user_ex.patch
queue-4.4/asm-generic-make-get_user-clear-the-destination-on-errors.patch
queue-4.4/mn10300-copy_from_user-should-zero-on-access_ok-failure.patch
queue-4.4/s390-get_user-should-zero-on-failure.patch
queue-4.4/microblaze-fix-__get_user.patch
queue-4.4/blackfin-fix-copy_from_user.patch
queue-4.4/fix-iov_iter_fault_in_readable.patch
queue-4.4/nios2-fix-__get_user.patch
queue-4.4/sh-fix-copy_from_user.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html