Patch "ppc32: fix copy_from_user()" has been added to the 4.4-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    ppc32: fix copy_from_user()

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ppc32-fix-copy_from_user.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 224264657b8b228f949b42346e09ed8c90136a8e Mon Sep 17 00:00:00 2001
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Sun, 21 Aug 2016 19:16:26 -0400
Subject: ppc32: fix copy_from_user()

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

commit 224264657b8b228f949b42346e09ed8c90136a8e upstream.

should clear on access_ok() failures.  Also remove the useless
range truncation logics.

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 arch/powerpc/include/asm/uaccess.h |   21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

--- a/arch/powerpc/include/asm/uaccess.h
+++ b/arch/powerpc/include/asm/uaccess.h
@@ -323,30 +323,17 @@ extern unsigned long __copy_tofrom_user(
 static inline unsigned long copy_from_user(void *to,
 		const void __user *from, unsigned long n)
 {
-	unsigned long over;
-
-	if (access_ok(VERIFY_READ, from, n))
+	if (likely(access_ok(VERIFY_READ, from, n)))
 		return __copy_tofrom_user((__force void __user *)to, from, n);
-	if ((unsigned long)from < TASK_SIZE) {
-		over = (unsigned long)from + n - TASK_SIZE;
-		return __copy_tofrom_user((__force void __user *)to, from,
-				n - over) + over;
-	}
++	memset(to, 0, n);
 	return n;
 }
 
 static inline unsigned long copy_to_user(void __user *to,
 		const void *from, unsigned long n)
 {
-	unsigned long over;
-
 	if (access_ok(VERIFY_WRITE, to, n))
 		return __copy_tofrom_user(to, (__force void __user *)from, n);
-	if ((unsigned long)to < TASK_SIZE) {
-		over = (unsigned long)to + n - TASK_SIZE;
-		return __copy_tofrom_user(to, (__force void __user *)from,
-				n - over) + over;
-	}
 	return n;
 }
 
@@ -437,10 +424,6 @@ static inline unsigned long clear_user(v
 	might_fault();
 	if (likely(access_ok(VERIFY_WRITE, addr, size)))
 		return __clear_user(addr, size);
-	if ((unsigned long)addr < TASK_SIZE) {
-		unsigned long over = (unsigned long)addr + size - TASK_SIZE;
-		return __clear_user(addr, size - over) + over;
-	}
 	return size;
 }
 


Patches currently in stable-queue which might be from viro@xxxxxxxxxxxxxxxxxx are

queue-4.4/nios2-copy_from_user-should-zero-the-tail-of-destination.patch
queue-4.4/ppc32-fix-copy_from_user.patch
queue-4.4/m32r-fix-__get_user.patch
queue-4.4/microblaze-fix-copy_from_user.patch
queue-4.4/cris-buggered-copy_from_user-copy_to_user-clear_user.patch
queue-4.4/asm-generic-make-copy_from_user-zero-the-destination-properly.patch
queue-4.4/metag-copy_from_user-should-zero-the-destination-on-access_ok-failure.patch
queue-4.4/score-fix-__get_user-get_user.patch
queue-4.4/parisc-fix-copy_from_user.patch
queue-4.4/mips-copy_from_user-must-zero-the-destination-on-access_ok-failure.patch
queue-4.4/alpha-fix-copy_from_user.patch
queue-4.4/mn10300-failing-__get_user-and-get_user-should-zero.patch
queue-4.4/openrisc-fix-copy_from_user.patch
queue-4.4/avr32-fix-copy_from_user.patch
queue-4.4/ia64-copy_from_user-should-zero-the-destination-on-access_ok-failure.patch
queue-4.4/score-fix-copy_from_user-and-friends.patch
queue-4.4/sh64-failing-__get_user-should-zero.patch
queue-4.4/arc-uaccess-get_user-to-zero-out-dest-in-cause-of-fault.patch
queue-4.4/hexagon-fix-strncpy_from_user-error-return.patch
queue-4.4/frv-fix-clear_user.patch
queue-4.4/fix-minor-infoleak-in-get_user_ex.patch
queue-4.4/asm-generic-make-get_user-clear-the-destination-on-errors.patch
queue-4.4/sparc32-fix-copy_from_user.patch
queue-4.4/mn10300-copy_from_user-should-zero-on-access_ok-failure.patch
queue-4.4/s390-get_user-should-zero-on-failure.patch
queue-4.4/microblaze-fix-__get_user.patch
queue-4.4/blackfin-fix-copy_from_user.patch
queue-4.4/fix-iov_iter_fault_in_readable.patch
queue-4.4/nios2-fix-__get_user.patch
queue-4.4/sh-fix-copy_from_user.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]