summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVineet Gupta <vgupta@synopsys.com>2013-09-26 18:50:40 +0530
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-10-18 07:45:45 -0700
commita683a93b1ce0b86944a51a1b8f787aa684836edb (patch)
treeab37081886b889ab612bd8da08b868b2896b3a44
parent5cd12e7776183668bd92a5f5fe102113d3bb599a (diff)
downloadlinux-3.10-a683a93b1ce0b86944a51a1b8f787aa684836edb.tar.gz
linux-3.10-a683a93b1ce0b86944a51a1b8f787aa684836edb.tar.bz2
linux-3.10-a683a93b1ce0b86944a51a1b8f787aa684836edb.zip
ARC: Fix 32-bit wrap around in access_ok()
commit 0752adfda15f0eca9859a76da3db1800e129ad43 upstream. Anton reported | LTP tests syscalls/process_vm_readv01 and process_vm_writev01 fail | similarly in one testcase test_iov_invalid -> lvec->iov_base. | Testcase expects errno EFAULT and return code -1, | but it gets return code 1 and ERRNO is 0 what means success. Essentially test case was passing a pointer of -1 which access_ok() was not catching. It was doing [@addr + @sz <= TASK_SIZE] which would pass for @addr == -1 Fixed that by rewriting as [@addr <= TASK_SIZE - @sz] Reported-by: Anton Kolesov <Anton.Kolesov@synopsys.com> Signed-off-by: Vineet Gupta <vgupta@synopsys.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat
-rw-r--r--arch/arc/include/asm/uaccess.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/arc/include/asm/uaccess.h b/arch/arc/include/asm/uaccess.h
index 32420824375..30c9baffa96 100644
--- a/arch/arc/include/asm/uaccess.h
+++ b/arch/arc/include/asm/uaccess.h
@@ -43,7 +43,7 @@
* Because it essentially checks if buffer end is within limit and @len is
* non-ngeative, which implies that buffer start will be within limit too.
*
- * The reason for rewriting being, for majorit yof cases, @len is generally
+ * The reason for rewriting being, for majority of cases, @len is generally
* compile time constant, causing first sub-expression to be compile time
* subsumed.
*
@@ -53,7 +53,7 @@
*
*/
#define __user_ok(addr, sz) (((sz) <= TASK_SIZE) && \
- (((addr)+(sz)) <= get_fs()))
+ ((addr) <= (get_fs() - (sz))))
#define __access_ok(addr, sz) (unlikely(__kernel_ok) || \
likely(__user_ok((addr), (sz))))
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-04 16:09:15 +0000