6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yanjun Yang <yangyj.ee@xxxxxxxxx>
[ Upstream commit 3ccea4784fddd96fbd6c4497eb28b45dab638c2a ]
Commit 169f9102f9198b ("ARM: 9350/1: fault: Implement
copy_from_kernel_nofault_allowed()") added the function to check address
before use. However, for devices without MMU, addr > TASK_SIZE will
always fail. This patch move this function after the #ifdef CONFIG_MMU
statement.
Signed-off-by: Yanjun Yang <yangyj.ee@xxxxxxxxx>
Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218953
Fixes: 169f9102f9198b ("ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()")
Link: https://lore.kernel.org/r/20240611100947.32241-1-yangyj.ee@xxxxxxxxx
Signed-off-by: Kees Cook <kees@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
arch/arm/mm/fault.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
index 67c425341a951..ab01b51de5590 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,8 @@
#include "fault.h"
+#ifdef CONFIG_MMU
+
bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
{
unsigned long addr = (unsigned long)unsafe_src;
@@ -32,8 +34,6 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
return addr >= TASK_SIZE && ULONG_MAX - addr >= size;
}
-#ifdef CONFIG_MMU
-
/*
* This is useful to dump out the page tables associated with
* 'addr' in mm 'mm'.
--
2.43.0
