]> git.baikalelectronics.ru Git - kernel.git/commit
x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
authorPeter Zijlstra <peterz@infradead.org>
Thu, 29 Aug 2019 08:24:45 +0000 (10:24 +0200)
committerPeter Zijlstra <peterz@infradead.org>
Mon, 2 Sep 2019 12:22:38 +0000 (14:22 +0200)
commitafdbf0091cfff920e70d5a2997ca1545960ce70b
treeb9a0554a17fe68adb8624c7845fdb1d8e0d7d324
parent754a2aa7111199295c18c139c05a886fbb4b99ef
x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation

Identical to __put_user(); the __get_user() argument evalution will too
leak UBSAN crud into the __uaccess_begin() / __uaccess_end() region.
While uncommon this was observed to happen for:

  drivers/xen/gntdev.c: if (__get_user(old_status, batch->status[i]))

where UBSAN added array bound checking.

This complements commit:

  432f58820a53 ("x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation")

Tested-by Sedat Dilek <sedat.dilek@gmail.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: broonie@kernel.org
Cc: sfr@canb.auug.org.au
Cc: akpm@linux-foundation.org
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: mhocko@suse.cz
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20190829082445.GM2369@hirez.programming.kicks-ass.net
arch/x86/include/asm/uaccess.h