summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorJames Hogan <james.hogan@imgtec.com>2015-08-05 16:41:37 +0100
committerRalf Baechle <ralf@linux-mips.org>2015-12-22 11:54:13 +0100
commit5dc62fdd8383afbd2faca6b6e6ea1052b45b0124 (patch)
treeb5c3dd44291acc0d96ebf4088d6f07f970b846c8 /kernel
parent4ef7675344d687a0ef5b0d7c0cee12da005870c0 (diff)
downloadlinux-5dc62fdd8383afbd2faca6b6e6ea1052b45b0124.tar.gz
linux-5dc62fdd8383afbd2faca6b6e6ea1052b45b0124.tar.bz2
linux-5dc62fdd8383afbd2faca6b6e6ea1052b45b0124.zip
MIPS: uaccess: Fix strlen_user with EVA
The strlen_user() function calls __strlen_kernel_asm in both branches of the eva_kernel_access() conditional. For EVA it should be calling __strlen_user_eva for user accesses, otherwise it will load from the kernel address space instead of the user address space, and the access checking will likely be ineffective at preventing it due to EVA's overlapping user and kernel address spaces. This was found after extending the test_user_copy module to cover user string access functions, which gave the following error with EVA: test_user_copy: illegal strlen_user passed Fortunately the use of strlen_user() has been all but eradicated from the mainline kernel, so only out of tree modules could be affected. Fixes: e3a9b07a9caf ("MIPS: asm: uaccess: Add EVA support for str*_user operations") Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Markos Chandras <markos.chandras@imgtec.com> Cc: Paul Burton <paul.burton@imgtec.com> Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com> Cc: linux-mips@linux-mips.org Cc: <stable@vger.kernel.org> # 3.15.x- Patchwork: https://patchwork.linux-mips.org/patch/10842/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Diffstat (limited to 'kernel')
0 files changed, 0 insertions, 0 deletions