]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit
projects / mirror_ubuntu-jammy-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 29d9a0b) | patch
x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
authorPeter Zijlstra <peterz@infradead.org>
Thu, 29 Aug 2019 08:24:45 +0000 (10:24 +0200)
committerPeter Zijlstra <peterz@infradead.org>
Mon, 2 Sep 2019 12:22:38 +0000 (14:22 +0200)
commit9b8bd476e78e89c9ea26c3b435ad0201c3d7dbf5
treeb9a0554a17fe68adb8624c7845fdb1d8e0d7d324tree
parent29d9a0b50736768f042752070e5cdf4e4d4c00dfcommit | diff
x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation

Identical to __put_user(); the __get_user() argument evalution will too
leak UBSAN crud into the __uaccess_begin() / __uaccess_end() region.
While uncommon this was observed to happen for:

  drivers/xen/gntdev.c: if (__get_user(old_status, batch->status[i]))

where UBSAN added array bound checking.

This complements commit:

  6ae865615fc4 ("x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation")

Tested-by Sedat Dilek <sedat.dilek@gmail.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: broonie@kernel.org
Cc: sfr@canb.auug.org.au
Cc: akpm@linux-foundation.org
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: mhocko@suse.cz
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20190829082445.GM2369@hirez.programming.kicks-ass.net
arch/x86/include/asm/uaccess.h diff | blob | blame | history
Ubuntu Jammy Linux kernel mirror