diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-24 11:53:13 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-24 11:53:13 -0700 |
commit | a4306434b79ffc859e5dc6ab0f305a3d8204ef46 (patch) | |
tree | d498a3e807b2d5e2920465dbf9138606c43ba9b7 /include | |
parent | a30282478271ea8e06d424f96c1537094b309c7c (diff) | |
parent | a2048e34d4655c06d31400646ae495bbfeb16b27 (diff) | |
download | linux-stable-a4306434b79ffc859e5dc6ab0f305a3d8204ef46.tar.gz linux-stable-a4306434b79ffc859e5dc6ab0f305a3d8204ef46.tar.bz2 linux-stable-a4306434b79ffc859e5dc6ab0f305a3d8204ef46.zip |
Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull address-limit checking fixes from Ingo Molnar:
"This fixes a number of bugs in the address-limit (USER_DS) checks that
got introduced in the merge window, (mostly) affecting the ARM and
ARM64 platforms"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
arm64/syscalls: Move address limit check in loop
arm/syscalls: Optimize address limit check
Revert "arm/syscalls: Check address limit on user-mode return"
syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/syscalls.h | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 95606a2d556f..a78186d826d7 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -221,21 +221,25 @@ static inline int is_syscall_trace_event(struct trace_event_call *tp_event) } \ static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) -#ifdef TIF_FSCHECK /* * Called before coming back to user-mode. Returning to user-mode with an * address limit different than USER_DS can allow to overwrite kernel memory. */ static inline void addr_limit_user_check(void) { - +#ifdef TIF_FSCHECK if (!test_thread_flag(TIF_FSCHECK)) return; +#endif - BUG_ON(!segment_eq(get_fs(), USER_DS)); + if (CHECK_DATA_CORRUPTION(!segment_eq(get_fs(), USER_DS), + "Invalid address limit on user-mode return")) + force_sig(SIGKILL, current); + +#ifdef TIF_FSCHECK clear_thread_flag(TIF_FSCHECK); -} #endif +} asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special, qid_t id, void __user *addr); |