diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-01-08 21:58:29 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-01-08 21:58:29 -0500 |
| commit | a88cc8da0279f8e481b0d90e51a0a1cffac55906 (patch) | |
| tree | 4be3f8598d4146e3ea2f4f344a140d9c18f11932 /mm/usercopy.c | |
| parent | 9cb2feb4d21d97386eb25c7b67e2793efcc1e70a (diff) | |
| parent | 73444bc4d8f92e46a20cb6bd3342fc2ea75c6787 (diff) | |
Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
"14 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
mm, page_alloc: do not wake kswapd with zone lock held
hugetlbfs: revert "use i_mmap_rwsem for more pmd sharing synchronization"
hugetlbfs: revert "Use i_mmap_rwsem to fix page fault/truncate race"
mm: page_mapped: don't assume compound page is huge or THP
mm/memory.c: initialise mmu_notifier_range correctly
tools/vm/page_owner: use page_owner_sort in the use example
kasan: fix krealloc handling for tag-based mode
kasan: make tag based mode work with CONFIG_HARDENED_USERCOPY
kasan, arm64: use ARCH_SLAB_MINALIGN instead of manual aligning
mm, memcg: fix reclaim deadlock with writeback
mm/usercopy.c: no check page span for stack objects
slab: alien caches must not be initialized if the allocation of the alien cache failed
fork, memcg: fix cached_stacks case
zram: idle writeback fixes and cleanup
Diffstat (limited to 'mm/usercopy.c')
| -rw-r--r-- | mm/usercopy.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/mm/usercopy.c b/mm/usercopy.c index 852eb4e53f06..14faadcedd06 100644 --- a/mm/usercopy.c +++ b/mm/usercopy.c | |||
| @@ -247,7 +247,8 @@ static DEFINE_STATIC_KEY_FALSE_RO(bypass_usercopy_checks); | |||
| 247 | /* | 247 | /* |
| 248 | * Validates that the given object is: | 248 | * Validates that the given object is: |
| 249 | * - not bogus address | 249 | * - not bogus address |
| 250 | * - known-safe heap or stack object | 250 | * - fully contained by stack (or stack frame, when available) |
| 251 | * - fully within SLAB object (or object whitelist area, when available) | ||
| 251 | * - not in kernel text | 252 | * - not in kernel text |
| 252 | */ | 253 | */ |
| 253 | void __check_object_size(const void *ptr, unsigned long n, bool to_user) | 254 | void __check_object_size(const void *ptr, unsigned long n, bool to_user) |
| @@ -262,9 +263,6 @@ void __check_object_size(const void *ptr, unsigned long n, bool to_user) | |||
| 262 | /* Check for invalid addresses. */ | 263 | /* Check for invalid addresses. */ |
| 263 | check_bogus_address((const unsigned long)ptr, n, to_user); | 264 | check_bogus_address((const unsigned long)ptr, n, to_user); |
| 264 | 265 | ||
| 265 | /* Check for bad heap object. */ | ||
| 266 | check_heap_object(ptr, n, to_user); | ||
| 267 | |||
| 268 | /* Check for bad stack object. */ | 266 | /* Check for bad stack object. */ |
| 269 | switch (check_stack_object(ptr, n)) { | 267 | switch (check_stack_object(ptr, n)) { |
| 270 | case NOT_STACK: | 268 | case NOT_STACK: |
| @@ -282,6 +280,9 @@ void __check_object_size(const void *ptr, unsigned long n, bool to_user) | |||
| 282 | usercopy_abort("process stack", NULL, to_user, 0, n); | 280 | usercopy_abort("process stack", NULL, to_user, 0, n); |
| 283 | } | 281 | } |
| 284 | 282 | ||
| 283 | /* Check for bad heap object. */ | ||
| 284 | check_heap_object(ptr, n, to_user); | ||
| 285 | |||
| 285 | /* Check for object in kernel to avoid text exposure. */ | 286 | /* Check for object in kernel to avoid text exposure. */ |
| 286 | check_kernel_text_object((const unsigned long)ptr, n, to_user); | 287 | check_kernel_text_object((const unsigned long)ptr, n, to_user); |
| 287 | } | 288 | } |