www.infradead.org Git - users/dwmw2/linux.git/commit

author	Peter Zijlstra <peterz@infradead.org>
	Thu, 29 Aug 2019 08:24:45 +0000 (10:24 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 21 Sep 2019 05:18:47 +0000 (07:18 +0200)
commit	4bdb9988ad3855294c63f7fc5b631cf5e1dc02d5
tree	2d44132947eda7636c791438eba503ca68fef62c	tree
parent	4dabe50389c45c2882cf7e7aec91bdf337719eaf	commit \| diff

x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation

[ Upstream commit 9b8bd476e78e89c9ea26c3b435ad0201c3d7dbf5 ]

Identical to __put_user(); the __get_user() argument evalution will too
leak UBSAN crud into the __uaccess_begin() / __uaccess_end() region.
While uncommon this was observed to happen for:

drivers/xen/gntdev.c: if (__get_user(old_status, batch->status[i]))

where UBSAN added array bound checking.

This complements commit:

6ae865615fc4 ("x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation")

Tested-by Sedat Dilek <sedat.dilek@gmail.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: broonie@kernel.org
Cc: sfr@canb.auug.org.au
Cc: akpm@linux-foundation.org
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: mhocko@suse.cz
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20190829082445.GM2369@hirez.programming.kicks-ass.net
Signed-off-by: Sasha Levin <sashal@kernel.org>