diff options
author | Arnd Bergmann <arnd@arndb.de> | 2022-02-16 13:48:06 +0100 |
---|---|---|
committer | Arnd Bergmann <arnd@arndb.de> | 2022-02-25 09:36:06 +0100 |
commit | 5a06fcb15b43d1f7bf740c672950122331cb5655 (patch) | |
tree | 115409abe923229be6f68fc285a7063988fc295a /lib/test_lockup.c | |
parent | uaccess: generalize access_ok() (diff) | |
download | linux-5a06fcb15b43d1f7bf740c672950122331cb5655.tar.xz linux-5a06fcb15b43d1f7bf740c672950122331cb5655.zip |
lib/test_lockup: fix kernel pointer check for separate address spaces
test_kernel_ptr() uses access_ok() to figure out if a given address
points to user space instead of kernel space. However on architectures
that set CONFIG_ALTERNATE_USER_ADDRESS_SPACE, a pointer can be valid
for both, and the check always fails because access_ok() returns true.
Make the check for user space pointers conditional on the type of
address space layout.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Diffstat (limited to 'lib/test_lockup.c')
-rw-r--r-- | lib/test_lockup.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/test_lockup.c b/lib/test_lockup.c index 6a0f329a794a..c3fd87d6c2dd 100644 --- a/lib/test_lockup.c +++ b/lib/test_lockup.c @@ -417,9 +417,14 @@ static bool test_kernel_ptr(unsigned long addr, int size) return false; /* should be at least readable kernel address */ - if (access_ok((void __user *)ptr, 1) || - access_ok((void __user *)ptr + size - 1, 1) || - get_kernel_nofault(buf, ptr) || + if (!IS_ENABLED(CONFIG_ALTERNATE_USER_ADDRESS_SPACE) && + (access_ok((void __user *)ptr, 1) || + access_ok((void __user *)ptr + size - 1, 1))) { + pr_err("user space ptr invalid in kernel: %#lx\n", addr); + return true; + } + + if (get_kernel_nofault(buf, ptr) || get_kernel_nofault(buf, ptr + size - 1)) { pr_err("invalid kernel ptr: %#lx\n", addr); return true; |