summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-09-24 11:53:13 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2017-09-24 11:53:13 -0700
commita4306434b79ffc859e5dc6ab0f305a3d8204ef46 (patch)
treed498a3e807b2d5e2920465dbf9138606c43ba9b7 /include
parenta30282478271ea8e06d424f96c1537094b309c7c (diff)
parenta2048e34d4655c06d31400646ae495bbfeb16b27 (diff)
downloadlinux-stable-a4306434b79ffc859e5dc6ab0f305a3d8204ef46.tar.gz
linux-stable-a4306434b79ffc859e5dc6ab0f305a3d8204ef46.tar.bz2
linux-stable-a4306434b79ffc859e5dc6ab0f305a3d8204ef46.zip
Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull address-limit checking fixes from Ingo Molnar: "This fixes a number of bugs in the address-limit (USER_DS) checks that got introduced in the merge window, (mostly) affecting the ARM and ARM64 platforms" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: arm64/syscalls: Move address limit check in loop arm/syscalls: Optimize address limit check Revert "arm/syscalls: Check address limit on user-mode return" syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
Diffstat (limited to 'include')
-rw-r--r--include/linux/syscalls.h12
1 files changed, 8 insertions, 4 deletions
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 95606a2d556f..a78186d826d7 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -221,21 +221,25 @@ static inline int is_syscall_trace_event(struct trace_event_call *tp_event)
} \
static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
-#ifdef TIF_FSCHECK
/*
* Called before coming back to user-mode. Returning to user-mode with an
* address limit different than USER_DS can allow to overwrite kernel memory.
*/
static inline void addr_limit_user_check(void)
{
-
+#ifdef TIF_FSCHECK
if (!test_thread_flag(TIF_FSCHECK))
return;
+#endif
- BUG_ON(!segment_eq(get_fs(), USER_DS));
+ if (CHECK_DATA_CORRUPTION(!segment_eq(get_fs(), USER_DS),
+ "Invalid address limit on user-mode return"))
+ force_sig(SIGKILL, current);
+
+#ifdef TIF_FSCHECK
clear_thread_flag(TIF_FSCHECK);
-}
#endif
+}
asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special,
qid_t id, void __user *addr);