Patch "ia64: copy_from_user() should zero the destination on access_ok() failure" has been added to the 4.7-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ia64: copy_from_user() should zero the destination on access_ok() failure

to the 4.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ia64-copy_from_user-should-zero-the-destination-on-access_ok-failure.patch
and it can be found in the queue-4.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From a5e541f796f17228793694d64b507f5f57db4cd7 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Aug 2016 21:31:41 -0400
Subject: ia64: copy_from_user() should zero the destination on access_ok() failure

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

commit a5e541f796f17228793694d64b507f5f57db4cd7 upstream.

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 arch/ia64/include/asm/uaccess.h |   20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

--- a/arch/ia64/include/asm/uaccess.h
+++ b/arch/ia64/include/asm/uaccess.h
@@ -263,17 +263,15 @@ __copy_from_user (void *to, const void _
 	__cu_len;									\
 })
 
-#define copy_from_user(to, from, n)							\
-({											\
-	void *__cu_to = (to);								\
-	const void __user *__cu_from = (from);						\
-	long __cu_len = (n);								\
-											\
-	__chk_user_ptr(__cu_from);							\
-	if (__access_ok(__cu_from, __cu_len, get_fs()))					\
-		__cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len);	\
-	__cu_len;									\
-})
+static inline unsigned long
+copy_from_user(void *to, const void __user *from, unsigned long n)
+{
+	if (likely(__access_ok(from, n, get_fs())))
+		n = __copy_user((__force void __user *) to, from, n);
+	else
+		memset(to, 0, n);
+	return n;
+}
 
 #define __copy_in_user(to, from, size)	__copy_user((to), (from), (size))
 


Patches currently in stable-queue which might be from viro@xxxxxxxxxxxxxxxxxx are

queue-4.7/nios2-copy_from_user-should-zero-the-tail-of-destination.patch
queue-4.7/ppc32-fix-copy_from_user.patch
queue-4.7/m32r-fix-__get_user.patch
queue-4.7/microblaze-fix-copy_from_user.patch
queue-4.7/cris-buggered-copy_from_user-copy_to_user-clear_user.patch
queue-4.7/asm-generic-make-copy_from_user-zero-the-destination-properly.patch
queue-4.7/metag-copy_from_user-should-zero-the-destination-on-access_ok-failure.patch
queue-4.7/score-fix-__get_user-get_user.patch
queue-4.7/parisc-fix-copy_from_user.patch
queue-4.7/mips-copy_from_user-must-zero-the-destination-on-access_ok-failure.patch
queue-4.7/alpha-fix-copy_from_user.patch
queue-4.7/mn10300-failing-__get_user-and-get_user-should-zero.patch
queue-4.7/openrisc-fix-copy_from_user.patch
queue-4.7/avr32-fix-copy_from_user.patch
queue-4.7/ia64-copy_from_user-should-zero-the-destination-on-access_ok-failure.patch
queue-4.7/score-fix-copy_from_user-and-friends.patch
queue-4.7/sh64-failing-__get_user-should-zero.patch
queue-4.7/arc-uaccess-get_user-to-zero-out-dest-in-cause-of-fault.patch
queue-4.7/hexagon-fix-strncpy_from_user-error-return.patch
queue-4.7/af_unix-split-u-readlock-into-two-iolock-and-bindlock.patch
queue-4.7/frv-fix-clear_user.patch
queue-4.7/fix-minor-infoleak-in-get_user_ex.patch
queue-4.7/asm-generic-make-get_user-clear-the-destination-on-errors.patch
queue-4.7/sparc32-fix-copy_from_user.patch
queue-4.7/mn10300-copy_from_user-should-zero-on-access_ok-failure.patch
queue-4.7/s390-get_user-should-zero-on-failure.patch
queue-4.7/microblaze-fix-__get_user.patch
queue-4.7/blackfin-fix-copy_from_user.patch
queue-4.7/fix-iov_iter_fault_in_readable.patch
queue-4.7/nios2-fix-__get_user.patch
queue-4.7/sh-fix-copy_from_user.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]