diff mbox series

[5.5,354/399] powerpc/mm: Dont log user reads to 0xffffffff

Message ID	20200221072435.333365196@linuxfoundation.org
State	Superseded
Headers	show Return-Path: <SRS0=vU/u=4J=vger.kernel.org=stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Christophe Leroy <christophe.leroy@c-s.fr>, Michael Ellerman <mpe@ellerman.id.au>, Sasha Levin <sashal@kernel.org> Subject: [PATCH 5.5 354/399] powerpc/mm: Dont log user reads to 0xffffffff Date: Fri, 21 Feb 2020 08:41:19 +0100 Message-Id: <20200221072435.333365196@linuxfoundation.org> In-Reply-To: <20200221072402.315346745@linuxfoundation.org> References: <20200221072402.315346745@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk
Series	None \| expand [5.5,006/399] net/sched: flower: add missing validation of TCA_FLOWER_FLAGS [5.5,008/399] drm/dp_mst: fix multiple frees of tx->bytes [5.5,009/399] ath10k: Fix qmi init error handling [5.5,011/399] drm/virtio: fix byteorder handling in virtio_gpu_cmd_transfer_{from, to}_host_3d fu... [5.5,013/399] nfsd4: avoid NULL deference on strange COPY compounds [5.5,014/399] rcu/nocb: Fix dump_tree hierarchy print always active [5.5,016/399] soc: fsl: qe: change return type of cpm_muram_alloc() to s32 [5.5,018/399] dmaengine: ti: edma: add missed operations [5.5,020/399] f2fs: call f2fs_balance_fs outside of locked page [5.5,022/399] clk: meson: pll: Fix by 0 division in __pll_params_to_rate() [5.5,024/399] drm: rcar-du: Recognize "renesas,vsps" in addition to "vsps" [5.5,025/399] dmaengine: ti: edma: Fix error return code in edma_probe() [5.5,028/399] PCI: Fix pci_add_dma_alias() bitmask size [5.5,029/399] drm/amd/display: Map ODM memory correctly when doing ODM combine [5.5,030/399] leds: pca963x: Fix open-drain initialization [5.5,033/399] gianfar: Fix TX timestamping with a stacked DSA driver [5.5,034/399] pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs [5.5,035/399] printk: fix exclusive_console replaying [5.5,037/399] drm/msm/adreno: fix zap vs no-zap handling [5.5,038/399] pxa168fb: Fix the function used to release some memory in an error handling path [5.5,040/399] media: i2c: mt9v032: fix enum mbus codes and frame sizes [5.5,042/399] media: sun4i-csi: Fix data sampling polarity handling [5.5,044/399] clk: at91: sam9x60: fix programmable clock prescaler [5.5,045/399] powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number [5.5,046/399] clk: meson: meson8b: make the CCF use the glitch-free mali mux [5.5,048/399] iommu/vt-d: Fix off-by-one in PASID allocation [5.5,050/399] dm raid: table line rebuild status fixes [5.5,054/399] IB/core: Let IB core distribute cache update events [5.5,057/399] efi/x86: Map the entire EFI vendor string before copying it [5.5,058/399] sparc: Add .exit.data section. [5.5,059/399] net: ethernet: ixp4xx: Standard module init [5.5,063/399] drm/amdgpu/sriov: workaround on rev_id for Navi12 under sriov [5.5,065/399] drm/nouveau/nouveau: fix incorrect sizeof on args.src an args.dst [5.5,067/399] usb: dwc2: Fix IN FIFO allocation [5.5,069/399] drm/amd/display: Clear state after exiting fixed active VRR state [5.5,071/399] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load ... [5.5,074/399] x86/sysfb: Fix check for bad VRAM size [5.5,076/399] udf: Allow writing to Rewritable partitions [5.5,077/399] dmaengine: fsl-qdma: fix duplicated argument to && [5.5,079/399] irqchip/gic-v3-its: Fix get_vlpi_map() breakage with doorbells [5.5,080/399] s390/pci: Fix possible deadlock in recover_store() [5.5,082/399] powerpc/iov: Move VF pdev fixup into pcibios_fixup_iov() [5.5,083/399] tracing: Fix tracing_stat return values in error handling paths [5.5,085/399] ARM: 8952/1: Disable kmemleak on XIP kernels [5.5,087/399] ath10k: Correct the DMA direction for management tx buffers [5.5,089/399] brcmfmac: sdio: Fix OOB interrupt initialization on brcm43362 [5.5,090/399] selftests: settings: tests can be in subsubdirs [5.5,092/399] drm/amd/display: Retrain dongles when SINK_COUNT becomes non-zero [5.5,093/399] tracing: Simplify assignment parsing for hist triggers [5.5,094/399] nbd: add a flush_workqueue in nbd_start_device [5.5,097/399] drivers/block/zram/zram_drv.c: fix error return codes not being returned in writeba... [5.5,101/399] clk: qcom: rcg2: Dont crash if our parent cant be found; return an error [5.5,103/399] bpf, sockhash: Synchronize_rcu before freeing map [5.5,105/399] drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_inf... [5.5,107/399] ath10k: correct the tlv len of ath10k_wmi_tlv_op_gen_config_pno_start [5.5,109/399] drm/panel: simple: Add Logic PD Type 28 display support [5.5,111/399] modules: lockdep: Suppress suspicious RCU usage warning [5.5,116/399] net/wan/fsl_ucc_hdlc: reject muram offsets above 64K [5.5,119/399] arm64: dts: allwinner: H6: Add PMU mode [5.5,120/399] arm64: dts: allwinner: H5: Add PMU node [5.5,122/399] opp: Free static OPPs on errors while adding them [5.5,123/399] selinux: ensure we cleanup the internal AVC counters on error in avc_insert() [5.5,125/399] arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core [5.5,128/399] clk: imx: Add correct failure handling for clk based helpers [5.5,130/399] ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3 [5.5,132/399] IMA: Check IMA policy flag [5.5,134/399] PCI: iproc: Apply quirk_paxc_bridge() for module as well as built-in [5.5,136/399] PCI: Add generic quirk for increasing D3hot delay [5.5,138/399] Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace" [5.5,140/399] selftests/net: make so_txtime more robust to timer variance [5.5,141/399] media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros [5.5,143/399] samples/bpf: Set -fno-stack-protector when building BPF programs [5.5,144/399] r8169: check that Realtek PHY driver module is loaded [5.5,146/399] isdn: dont mark kcapi_proc_exit as __exit [5.5,148/399] ARM: OMAP2+: pdata-quirks: add PRM data for reset support [5.5,150/399] ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status [5.5,153/399] PCI: Add DMA alias quirk for PLX PEX NTB [5.5,154/399] b43legacy: Fix -Wcast-function-type [5.5,157/399] rtlwifi: rtl_pci: Fix -Wcast-function-type [5.5,158/399] orinoco: avoid assertion in case of NULL pointer [5.5,160/399] drm/amd/display: Lower DPP DTO only when safe [5.5,165/399] nfsd: Clone should commit src file metadata too [5.5,167/399] scsi: aic7xxx: Adjust indentation in ahc_find_syncrate [5.5,168/399] crypto: inside-secure - add unspecified HAS_IOMEM dependency [5.5,171/399] clk: renesas: rcar-gen3: Allow changing the RPC[D2] clocks [5.5,174/399] selinux: ensure we cleanup the internal AVC counters on error in avc_update() [5.5,175/399] scsi: lpfc: Fix: Rework setting of fdmi symbolic node name registration [5.5,177/399] PCI/ATS: Restore EXPORT_SYMBOL_GPL() for pci_{enable,disable}_ats() [5.5,180/399] iommu/iova: Silence warnings under memory pressure [5.5,181/399] clk: qcom: Add missing msm8998 gcc_bimc_gfx_clk [5.5,183/399] dmaengine: Store module owner in dma_device struct [5.5,185/399] dmaengine: imx-sdma: Fix memory leak [5.5,186/399] bpf: Print error message for bpftool cgroup show [5.5,190/399] PM / devfreq: exynos-ppmu: Fix excessive stack usage [5.5,191/399] PM / devfreq: Change time stats to 64-bit [5.5,193/399] drm/fbdev: Fallback to non tiled mode if all tiles not present [5.5,195/399] reset: uniphier: Add SCSSI reset control for each channel [5.5,198/399] RDMA/rxe: Fix error type of mmap_offset [5.5,199/399] ice: add extra check for null Rx descriptor [5.5,200/399] clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock [5.5,202/399] clk: Use parent node pointer during registration if necessary [5.5,205/399] ALSA: sh: Fix compile warning wrt const [5.5,207/399] tools lib api fs: Fix gcc9 stringop-truncation compilation error [5.5,209/399] ASoC: Intel: sof_rt5682: Ignore the speaker amp when there isnt one. [5.5,211/399] ACPI: button: Add DMI quirk for Razer Blade Stealth 13 late 2019 lid switch [5.5,212/399] iommu/vt-d: Match CPU and IOMMU paging mode [5.5,214/399] drm/amdkfd: Fix permissions of hang_hws [5.5,216/399] RDMA/hns: Avoid printing address of mtt page [5.5,219/399] ARM: dts: stm32: Add power-supply for DSI panel on stm32f469-disco [5.5,220/399] usbip: Fix unsafe unaligned pointer usage [5.5,222/399] selftests: Uninitialized variable in test_cgcore_proc_migration() [5.5,225/399] staging: rtl8188: avoid excessive stack usage [5.5,226/399] IB/hfi1: Add software counter for ctxt0 seq drop [5.5,228/399] soc/tegra: fuse: Correct straps address for older Tegra124 device trees [5.5,230/399] rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls [5.5,232/399] bnxt: Detach page from page pool before sending up the stack [5.5,236/399] arm64: dts: rockchip: fix dwmmc clock name for px30 [5.5,238/399] arm64: dts: rockchip: add reg property to brcmf sub-nodes [5.5,240/399] ALSA: usb-audio: Add boot quirk for MOTU M Series [5.5,243/399] raid6/test: fix a compilation warning [5.5,244/399] RDMA/uverbs: Remove needs_kfree_rcu from uverbs_obj_type_class [5.5,246/399] tty: synclink_gt: Adjust indentation in several functions [5.5,249/399] visorbus: fix uninitialized variable access [5.5,250/399] driver core: platform: Prevent resouce overflow from causing infinite loops [5.5,252/399] ASoC: SOF: Intel: hda-dai: fix compilation warning in pcm_prepare [5.5,253/399] bpf: Return -EBADRQC for invalid map type in __bpf_tx_xdp_map [5.5,255/399] MIPS: ralink: dts: gardena_smart_gateway_mt7688: Limit UART1 [5.5,258/399] drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler [5.5,261/399] dm thin: dont allow changing data device during thin-pool reload [5.5,263/399] drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add [5.5,264/399] perf/imx_ddr: Fix cpu hotplug state cleanup [5.5,267/399] iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE [5.5,268/399] ALSA: usb-audio: unlock on error in probe [5.5,271/399] scsi: ufs: pass device information to apply_dev_quirks [5.5,272/399] scsi: ufs-mediatek: add apply_dev_quirks variant operation [5.5,273/399] scsi: iscsi: Dont destroy session if there are outstanding connections [5.5,274/399] crypto: hisilicon - Update debugfs usage of SEC V2 [5.5,275/399] crypto: hisilicon - Bugfixed tfm leak [5.5,276/399] crypto: essiv - fix AEAD capitalization and preposition use in help text [5.5,277/399] ALSA: usb-audio: add implicit fb quirk for MOTU M Series [5.5,281/399] arm64: lse: fix LSE atomics with LLVMs integrated assembler [5.5,283/399] drm/amd/display: fixup DML dependencies [5.5,284/399] staging: wfx: fix possible overflow on jiffies comparaison [5.5,286/399] KVM: PPC: Remove set but not used variable ra, rs, rt [5.5,287/399] arm64: dts: ti: k3-j721e-main: Add missing power-domains for smmu [5.5,292/399] enetc: Dont print from enetc_sched_speed_set when link goes down [5.5,294/399] x86/apic/uv: Avoid unused variable warning [5.5,295/399] debugobjects: Fix various data races [5.5,298/399] regulator: vctrl-regulator: Avoid deadlock getting and setting the voltage [5.5,300/399] x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd [5.5,302/399] x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld [5.5,305/399] ide: serverworks: potential overflow in svwks_set_pio_mode() [5.5,306/399] pwm: Remove set but not set variable pwm [5.5,307/399] btrfs: fix possible NULL-pointer dereference in integrity checks [5.5,311/399] remoteproc: Initialize rproc_class before use [5.5,312/399] regulator: core: Fix exported symbols to the exported GPL version [5.5,313/399] irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems [5.5,314/399] ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() [5.5,319/399] s390: adjust -mpacked-stack support check for clang 10 [5.5,320/399] s390/ftrace: generate traced function stack frame [5.5,324/399] ALSA: hda - Add docking station support for Lenovo Thinkpad T420s [5.5,327/399] net/mlx5e: Fix printk format warning [5.5,328/399] powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV [5.5,332/399] bcache: cached_dev_free needs to put the sb page [5.5,333/399] bcache: rework error unwinding in register_bcache [5.5,335/399] iommu/vt-d: Mark firmware tainted if RMRR fails sanity check [5.5,337/399] alarmtimer: Make alarmtimer platform device child of RTC device [5.5,338/399] selftests: bpf: Reset global state between reuseport test runs [5.5,339/399] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record [5.5,343/399] ARM: 8941/1: decompressor: enable CP15 barrier instructions in v7 cache setup code [5.5,345/399] ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 [5.5,346/399] hostap: Adjust indentation in prism2_hostapd_add_sta [5.5,348/399] iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop [5.5,350/399] cifs: Fix mount options set in automount [5.5,351/399] cifs: fix NULL dereference in match_prepath [5.5,354/399] powerpc/mm: Dont log user reads to 0xffffffff [5.5,357/399] ASoC: Intel: consistent HDMI codec probing code [5.5,359/399] irqchip/gic-v3: Only provision redistributors that are enabled in ACPI [5.5,361/399] drm/nouveau/disp/nv50-: prevent oops when no channel method map provided [5.5,362/399] char: hpet: Fix out-of-bounds read bug [5.5,364/399] trigger_next should increase position index [5.5,365/399] radeon: insert 10ms sleep in dce5_crtc_load_lut [5.5,366/399] powerpc: Do not consider weak unresolved symbol relocations as bad [5.5,368/399] tracing: Fix now invalid var_ref_vals assumption in trace action [5.5,371/399] lib/scatterlist.c: adjust indentation in __sg_alloc_table [5.5,375/399] bcache: fix incorrect data type usage in btree_flush_write() [5.5,376/399] irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL [5.5,377/399] nvmet: Pass lockdep expression to RCU lists [5.5,378/399] nvmet: fix dsm failure when payload does not match sgl descriptor [5.5,380/399] iwlwifi: mvm: Fix thermal zone registration [5.5,383/399] tc-testing: add missing nsPlugin to basic.json [5.5,385/399] brd: check and limit max_part par [5.5,387/399] drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_voltage [5.5,389/399] help_next should increase position index [5.5,391/399] kbuild: make multiple directory targets work [5.5,394/399] fuse: dont overflow LLONG_MAX with end offset [5.5,397/399] s390/pci: Recover handle in clp_set_pci_fn() [5.5,399/399] bcache: properly initialize path and err in register_bcache()

Commit Message

Greg KH Feb. 21, 2020, 7:41 a.m. UTC

From: Christophe Leroy <christophe.leroy@c-s.fr>

[ Upstream commit 0f9aee0cb9da7db7d96f63cfa2dc5e4f1bffeb87 ]

Running vdsotest leaves many times the following log:

  [   79.629901] vdsotest[396]: User access of kernel address (ffffffff) - exploit attempt? (uid: 0)

A pointer set to (-1) is likely a programming error similar to
a NULL pointer and is not worth logging as an exploit attempt.

Don't log user accesses to 0xffffffff.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/0728849e826ba16f1fbd6fa7f5c6cc87bd64e097.1577087627.git.christophe.leroy@c-s.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/mm/fault.c | 3 +++
 1 file changed, 3 insertions(+)

diff mbox series

Patch

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 1baeb045f7f4b..e083a9f67f701 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -354,6 +354,9 @@  static void sanity_check_fault(bool is_write, bool is_user,
 	 * Userspace trying to access kernel address, we get PROTFAULT for that.
 	 */
 	if (is_user && address >= TASK_SIZE) {
+		if ((long)address == -1)
+			return;
+
 		pr_crit_ratelimited("%s[%d]: User access of kernel address (%lx) - exploit attempt? (uid: %d)\n",
 				   current->comm, current->pid, address,
 				   from_kuid(&init_user_ns, current_uid()));