git.baikalelectronics.ru Git - kernel.git/commit

author	Arnd Bergmann <arnd@arndb.de>
	Thu, 10 Feb 2022 15:24:30 +0000 (16:24 +0100)
committer	Arnd Bergmann <arnd@arndb.de>
	Mon, 14 Feb 2022 21:30:53 +0000 (22:30 +0100)
commit	19477e71d7975d73edb611604e0e3d8ce57db77b
tree	226513c6b142c9fab9582d776f77d00e2cbee47c	tree \| snapshot
parent	6757ee160ac3fc336324c4ac5a8718b5090c9ffe	commit \| diff

uaccess: fix integer overflow on access_ok()

Three architectures check the end of a user access against the
address limit without taking a possible overflow into account.
Passing a negative length or another overflow in here returns
success when it should not.

Use the most common correct implementation here, which optimizes
for a constant 'size' argument, and turns the common case into a
single comparison.

Cc: stable@vger.kernel.org
Fixes: b85a1779d286 ("csky: User access")
Fixes: 692a005bc377 ("microblaze: Fix uaccess_ok macro")
Fixes: e11534dbc152 ("Hexagon: Add user access functions")
Reported-by: David Laight <David.Laight@aculab.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>

arch/csky/include/asm/uaccess.h		diff \| blob \| history
arch/hexagon/include/asm/uaccess.h		diff \| blob \| history
arch/microblaze/include/asm/uaccess.h		diff \| blob \| history