diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-09-21 02:11:19 +0200 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-09-21 02:11:19 +0200 |
| commit | 7d1e042314619115153a0f6f06e4552c09a50e13 (patch) | |
| tree | 25d4271356edf0fe0f519393582328dc74859bbc | |
| parent | fix fault_in_multipages_...() on architectures with no-op access_ok() (diff) | |
| parent | mm: usercopy: Check for module addresses (diff) | |
| download | linux-7d1e042314619115153a0f6f06e4552c09a50e13.tar.xz linux-7d1e042314619115153a0f6f06e4552c09a50e13.zip | |
Merge tag 'usercopy-v4.8-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull usercopy hardening fix from Kees Cook:
"Expand the arm64 vmalloc check to include skipping the module space
too"
* tag 'usercopy-v4.8-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
mm: usercopy: Check for module addresses
| -rw-r--r-- | mm/usercopy.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/mm/usercopy.c b/mm/usercopy.c index 089328f2b920..3c8da0af9695 100644 --- a/mm/usercopy.c +++ b/mm/usercopy.c @@ -207,8 +207,11 @@ static inline const char *check_heap_object(const void *ptr, unsigned long n, * Some architectures (arm64) return true for virt_addr_valid() on * vmalloced addresses. Work around this by checking for vmalloc * first. + * + * We also need to check for module addresses explicitly since we + * may copy static data from modules to userspace */ - if (is_vmalloc_addr(ptr)) + if (is_vmalloc_or_module_addr(ptr)) return NULL; if (!virt_addr_valid(ptr)) |