riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit - linux

diff options

author	Chen Lifu <chenlifu@huawei.com>	2022-06-15 03:47:14 +0200
committer	Palmer Dabbelt <palmer@rivosinc.com>	2022-08-10 23:06:31 +0200
commit	c08b4848f596fd95543197463b5162bd7bab2442 (patch)
tree	2646264133159290bbcf4fda50a370fa37ff0d29 /arch/arm/boot/dts/ste-ux500-samsung-codina.dts
parent	Merge tag 'riscv-for-linus-5.20-mw0' of git://git.kernel.org/pub/scm/linux/ke... (diff)
download	linux-c08b4848f596fd95543197463b5162bd7bab2442.tar.xz linux-c08b4848f596fd95543197463b5162bd7bab2442.zip

riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit

Since commit 5d8544e2d007 ("RISC-V: Generic library routines and assembly") and commit ebcbd75e3962 ("riscv: Fix the bug in memory access fixup code"), if __clear_user and __copy_user return from an fixup branch, CSR_STATUS SR_SUM bit will be set, it is a vulnerability, so that S-mode memory accesses to pages that are accessible by U-mode will success. Disable S-mode access to U-mode memory should clear SR_SUM bit. Fixes: 5d8544e2d007 ("RISC-V: Generic library routines and assembly") Fixes: ebcbd75e3962 ("riscv: Fix the bug in memory access fixup code") Signed-off-by: Chen Lifu <chenlifu@huawei.com> Reviewed-by: Ben Dooks <ben.dooks@codethink.co.uk> Link: https://lore.kernel.org/r/20220615014714.1650349-1-chenlifu@huawei.com Cc: stable@vger.kernel.org Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>

Diffstat (limited to 'arch/arm/boot/dts/ste-ux500-samsung-codina.dts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: