diff mbox series

[5.15,36/37] m68k: fix access_ok for coldfire

Message ID	20220325150420.964665740@linuxfoundation.org
State	Superseded
Headers	show Return-Path: <stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Christoph Hellwig <hch@lst.de>, Arnd Bergmann <arnd@arndb.de> Subject: [PATCH 5.15 36/37] m68k: fix access_ok for coldfire Date: Fri, 25 Mar 2022 16:14:37 +0100 Message-Id: <20220325150420.964665740@linuxfoundation.org> In-Reply-To: <20220325150419.931802116@linuxfoundation.org> References: <20220325150419.931802116@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [5.15,02/37] net: ipv6: fix skb_over_panic in __ip6_append_data [5.15,03/37] tpm: Fix error handling in async work [5.15,04/37] Bluetooth: btusb: Add another Realtek 8761BU [5.15,05/37] llc: fix netdevice reference leaks in llc_ui_bind() [5.15,06/37] ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call [5.15,07/37] ALSA: oss: Fix PCM OSS buffer allocation overflow [5.15,08/37] ALSA: usb-audio: add mapping for new Corsair Virtuoso SE [5.15,09/37] ALSA: hda/realtek: Add quirk for Clevo NP70PNJ [5.15,11/37] ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 [5.15,12/37] ALSA: hda/realtek: Add quirk for ASUS GA402 [5.15,13/37] ALSA: pcm: Fix races among concurrent hw_params and hw_free calls [5.15,15/37] ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls [5.15,16/37] ALSA: pcm: Fix races among concurrent prealloc proc writes [5.15,17/37] ALSA: pcm: Add stream lock during PCM reset ioctl operations [5.15,18/37] ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB [5.16,10/37] ALSA: pcm: Fix races among concurrent hw_params and hw_free calls [5.15,20/37] ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec [5.15,21/37] drivers: net: xgene: Fix regression in CRC stripping [5.16,14/37] tpm: Fix error handling in async work [5.15,23/37] netfilter: nf_tables: validate registers coming from userspace. [5.15,24/37] ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board [5.15,26/37] ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU [5.15,27/37] crypto: qat - disable registration of algorithms [5.16,19/37] ALSA: cmipci: Restore aux vol on suspend/resume [5.15,29/37] Revert "ath: add support for special 0x0 regulatory domain" [5.15,30/37] drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() [5.15,31/37] rcu: Dont deboost before reporting expedited quiescent state [5.16,22/37] netfilter: nf_tables: initialize registers in nft_do_chain() [5.15,33/37] mac80211: fix potential double free on mesh join [5.16,25/37] ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 [5.15,36/37] m68k: fix access_ok for coldfire [5.16,28/37] Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE [5.15,37/37] nds32: fix access_ok() checks in get/put_user [5.16,32/37] uaccess: fix integer overflow on access_ok() [5.16,34/37] tpm: use try_get_ops() in tpm-space.c [5.16,35/37] wcn36xx: Differentiate wcn3660 from wcn3620

Commit Message

Greg KH March 25, 2022, 3:14 p.m. UTC

From: Arnd Bergmann <arnd@arndb.de>

commit 26509034bef198525d5936c116cbd0c3fa491c0b upstream.

While most m68k platforms use separate address spaces for user
and kernel space, at least coldfire does not, and the other
ones have a TASK_SIZE that is less than the entire 4GB address
range.

Using the default implementation of __access_ok() stops coldfire
user space from trivially accessing kernel memory.

Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/m68k/include/asm/uaccess.h |   15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff mbox series

Patch

--- a/arch/m68k/include/asm/uaccess.h
+++ b/arch/m68k/include/asm/uaccess.h
@@ -12,14 +12,17 @@ 
 #include <asm/extable.h>
 
 /* We let the MMU do all checking */
-static inline int access_ok(const void __user *addr,
+static inline int access_ok(const void __user *ptr,
 			    unsigned long size)
 {
-	/*
-	 * XXX: for !CONFIG_CPU_HAS_ADDRESS_SPACES this really needs to check
-	 * for TASK_SIZE!
-	 */
-	return 1;
+	unsigned long limit = TASK_SIZE;
+	unsigned long addr = (unsigned long)ptr;
+
+	if (IS_ENABLED(CONFIG_CPU_HAS_ADDRESS_SPACES) ||
+	    !IS_ENABLED(CONFIG_MMU))
+		return 1;
+
+	return (size <= limit) && (addr <= (limit - size));
 }
 
 /*