https://github.com/torvalds/linux
Revision 2a418cf3f5f1caf911af288e978d61c9844b0695 authored by Andy Lutomirski on 23 February 2019, 01:17:04 UTC, committed by Borislav Petkov on 25 February 2019, 19:17:05 UTC
When calling __put_user(foo(), ptr), the __put_user() macro would call
foo() in between __uaccess_begin() and __uaccess_end().  If foo() were
buggy, those bugs would then execute without SMAP protection.

Fortunately, there seem to be few instances of the problem in the
kernel. Nevertheless, __put_user() should be fixed to avoid doing this.
Therefore, evaluate __put_user()'s argument before setting AC.

This issue was noticed when an objtool hack by Peter Zijlstra complained
about genregs_get() and I compared the assembly output to the C source.

 [ bp: Massage commit message and fixed up whitespace. ]

Fixes: 11f1a4b9755f ("x86: reorganize SMAP handling in user space accesses")
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20190225125231.845656645@infradead.org
1 parent f331e76
Tip revision: 2a418cf3f5f1caf911af288e978d61c9844b0695 authored by Andy Lutomirski on 23 February 2019, 01:17:04 UTC
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
Kconfig
# SPDX-License-Identifier: GPL-2.0
# Top-level "Device Drivers" menu.
#
# This file defines no config symbols of its own: between `menu` and
# `endmenu` it only pulls in each subsystem's Kconfig with `source`, one
# line per subsystem.  The ordering notes below (I/O buses first, misc
# before ide, input before char) are constraints recorded by earlier
# authors; keep them in mind when inserting a new `source` line.
menu "Device Drivers"

# Keep I/O buses first

source "drivers/amba/Kconfig"
source "drivers/eisa/Kconfig"
source "drivers/pci/Kconfig"
source "drivers/pcmcia/Kconfig"
source "drivers/rapidio/Kconfig"


source "drivers/base/Kconfig"

source "drivers/bus/Kconfig"

source "drivers/connector/Kconfig"

source "drivers/gnss/Kconfig"

source "drivers/mtd/Kconfig"

source "drivers/of/Kconfig"

source "drivers/parport/Kconfig"

source "drivers/pnp/Kconfig"

source "drivers/block/Kconfig"

source "drivers/nvme/Kconfig"

# misc before ide - BLK_DEV_SGIIOC4 depends on SGI_IOC4

source "drivers/misc/Kconfig"

source "drivers/ide/Kconfig"

source "drivers/scsi/Kconfig"

source "drivers/ata/Kconfig"

source "drivers/md/Kconfig"

source "drivers/target/Kconfig"

source "drivers/message/fusion/Kconfig"

source "drivers/firewire/Kconfig"

source "drivers/macintosh/Kconfig"

source "drivers/net/Kconfig"

source "drivers/isdn/Kconfig"

source "drivers/lightnvm/Kconfig"

# input before char - char/joystick depends on it. As does USB.

source "drivers/input/Kconfig"

source "drivers/char/Kconfig"

source "drivers/i2c/Kconfig"

source "drivers/i3c/Kconfig"

source "drivers/spi/Kconfig"

source "drivers/spmi/Kconfig"

source "drivers/hsi/Kconfig"

source "drivers/pps/Kconfig"

source "drivers/ptp/Kconfig"

source "drivers/pinctrl/Kconfig"

source "drivers/gpio/Kconfig"

source "drivers/w1/Kconfig"

source "drivers/power/Kconfig"

source "drivers/hwmon/Kconfig"

source "drivers/thermal/Kconfig"

source "drivers/watchdog/Kconfig"

source "drivers/ssb/Kconfig"

source "drivers/bcma/Kconfig"

source "drivers/mfd/Kconfig"

source "drivers/regulator/Kconfig"

source "drivers/media/Kconfig"

source "drivers/video/Kconfig"

# The only entry in this menu that is sourced from outside drivers/.
source "sound/Kconfig"

source "drivers/hid/Kconfig"

source "drivers/usb/Kconfig"

source "drivers/uwb/Kconfig"

source "drivers/mmc/Kconfig"

source "drivers/memstick/Kconfig"

source "drivers/leds/Kconfig"

source "drivers/accessibility/Kconfig"

source "drivers/infiniband/Kconfig"

source "drivers/edac/Kconfig"

source "drivers/rtc/Kconfig"

source "drivers/dma/Kconfig"

source "drivers/dma-buf/Kconfig"

source "drivers/dca/Kconfig"

source "drivers/auxdisplay/Kconfig"

source "drivers/uio/Kconfig"

source "drivers/vfio/Kconfig"

source "drivers/vlynq/Kconfig"

source "drivers/virt/Kconfig"

source "drivers/virtio/Kconfig"

source "drivers/hv/Kconfig"

source "drivers/xen/Kconfig"

source "drivers/staging/Kconfig"

source "drivers/platform/Kconfig"

source "drivers/clk/Kconfig"

source "drivers/hwspinlock/Kconfig"

source "drivers/clocksource/Kconfig"

source "drivers/mailbox/Kconfig"

source "drivers/iommu/Kconfig"

source "drivers/remoteproc/Kconfig"

source "drivers/rpmsg/Kconfig"

source "drivers/soundwire/Kconfig"

source "drivers/soc/Kconfig"

source "drivers/devfreq/Kconfig"

source "drivers/extcon/Kconfig"

source "drivers/memory/Kconfig"

source "drivers/iio/Kconfig"

source "drivers/ntb/Kconfig"

source "drivers/vme/Kconfig"

source "drivers/pwm/Kconfig"

source "drivers/irqchip/Kconfig"

source "drivers/ipack/Kconfig"

source "drivers/reset/Kconfig"

source "drivers/fmc/Kconfig"

source "drivers/phy/Kconfig"

source "drivers/powercap/Kconfig"

source "drivers/mcb/Kconfig"

source "drivers/perf/Kconfig"

source "drivers/ras/Kconfig"

source "drivers/thunderbolt/Kconfig"

source "drivers/android/Kconfig"

source "drivers/nvdimm/Kconfig"

source "drivers/dax/Kconfig"

source "drivers/nvmem/Kconfig"

source "drivers/hwtracing/Kconfig"

source "drivers/fpga/Kconfig"

source "drivers/fsi/Kconfig"

source "drivers/tee/Kconfig"

source "drivers/mux/Kconfig"

source "drivers/opp/Kconfig"

source "drivers/visorbus/Kconfig"

source "drivers/siox/Kconfig"

source "drivers/slimbus/Kconfig"

# Closes the "Device Drivers" menu opened at the top of this file.
endmenu