[PATCH] Fix msr check in compat_sys_swapcontext - Kernel



Thread: [PATCH] Fix msr check in compat_sys_swapcontext

  1. [PATCH] Fix msr check in compat_sys_swapcontext

    The new context may not be 16-byte aligned, so the real address of the
    mcontext structure should be read from the uc_regs pointer instead of
    directly using the (unaligned) uc_mcontext field.

    Signed-off-by: Andreas Schwab

    ---
    diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
    index a6a4310..dc10720 100644
    --- a/arch/powerpc/kernel/signal_32.c
    +++ b/arch/powerpc/kernel/signal_32.c
    @@ -941,9 +941,17 @@ long sys_swapcontext(struct ucontext __user *old_ctx,
    #ifdef CONFIG_PPC64
    unsigned long new_msr = 0;

    - if (new_ctx &&
    - get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR]))
    - return -EFAULT;
    + if (new_ctx) {
    + struct mcontext __user *mcp;
    + u32 cmcp;
    +
    + /* Get pointer to the real mcontext. */
    + if (__get_user(cmcp, &new_ctx->uc_regs))
    + return -EFAULT;
    + mcp = (struct mcontext __user *)(u64)cmcp;
    + if (__get_user(new_msr, &mcp->mc_gregs[PT_MSR]))
    + return -EFAULT;
    + }
    /*
    * Check that the context is not smaller than the original
    * size (with VMX but without VSX)
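    Review bot: replacing get_user() with __get_user() at `+ if (__get_user(cmcp, &new_ctx->uc_regs))` and again at `+ if (__get_user(new_msr, &mcp->mc_gregs[PT_MSR]))` drops the access_ok() range check that the removed get_user() call performed, and neither the hunk nor the description says why that is safe. The block sits under #ifdef CONFIG_PPC64, where new_ctx and the value read from uc_regs are 32-bit compat pointers, so either keep get_user() or state that reasoning in the comment above the read.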

    --
    Andreas Schwab, SuSE Labs, schwab@suse.de
    SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
    PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
    "And now for something completely different."
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/
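    To see why reading uc_mcontext directly can miss the real register block, here is an added example (not part of the patch or the kernel) that uses a constructed, simplified model of the ppc32 context: the MSR lives in a 16-byte aligned mcontext whose location is recorded in uc_regs, and the two reader functions mirror the old and new code in the hunk. Assumptions: the struct layout, PT_MSR, NGREGS and the offset-based uc_regs are constructed so the example runs on a 64-bit host.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified model of the ppc32 signal context (assumption: the
 * real kernel structs carry more fields; only the ones in the patch are kept). */
#define PT_MSR 33
#define NGREGS 48

struct mcontext {
    uint32_t mc_gregs[NGREGS];   /* general registers; mc_gregs[PT_MSR] is the MSR */
};

struct ucontext32 {
    uint32_t uc_flags;
    uint32_t uc_regs;            /* compat pointer to the real mcontext; modelled
                                    here as an offset from the frame base so the
                                    example runs on a 64-bit host */
    uint32_t uc_pad[3];          /* room so the real mcontext can sit at a
                                    16-byte boundary just below uc_mcontext */
    struct mcontext uc_mcontext; /* inline field; it is the real mcontext only
                                    when the frame itself happens to be aligned */
};

/* Frame storage: 16-byte aligned so the misalignment can be chosen explicitly. */
static uint8_t storage[sizeof(struct ucontext32) + 32] __attribute__((aligned(16)));

/* Lay out a context at storage + misalign (a multiple of 4), store the given
 * MSR in the 16-byte aligned mcontext and record that place in uc_regs. */
static struct ucontext32 *build_context(size_t misalign, uint32_t msr)
{
    struct ucontext32 *uc = (struct ucontext32 *)(storage + misalign);
    uintptr_t inline_addr = (uintptr_t)&uc->uc_mcontext;
    uintptr_t real_addr = inline_addr & ~(uintptr_t)15;   /* round down to 16 */
    struct mcontext *mc = (struct mcontext *)real_addr;

    memset(storage, 0, sizeof storage);
    mc->mc_gregs[PT_MSR] = msr;
    uc->uc_regs = (uint32_t)(real_addr - (uintptr_t)storage);
    return uc;
}

/* Old check: reads the inline field directly (wrong when the frame is unaligned). */
static uint32_t msr_via_uc_mcontext(const struct ucontext32 *uc)
{
    return uc->uc_mcontext.mc_gregs[PT_MSR];
}

/* Fixed check: follows uc_regs to the real mcontext, as the patch does. */
static uint32_t msr_via_uc_regs(const struct ucontext32 *uc)
{
    const struct mcontext *mc = (const struct mcontext *)(storage + uc->uc_regs);
    return mc->mc_gregs[PT_MSR];
}
```

With the frame at offset 0 the inline field and the real mcontext differ, so the old reader returns 0 instead of the stored MSR; at offset 12 they coincide and both readers agree.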

  2. Re: [PATCH] Fix msr check in compat_sys_swapcontext

    Andreas Schwab writes:

    > The new context may not be 16-byte aligned, so the real address of the
    > mcontext structure should be read from the uc_regs pointer instead of
    > directly using the (unaligned) uc_mcontext field.


    Good catch, but...

    > @@ -941,9 +941,17 @@ long sys_swapcontext(struct ucontext __user *old_ctx,
    > #ifdef CONFIG_PPC64
    > unsigned long new_msr = 0;
    >
    > - if (new_ctx &&
    > - get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR]))
    > - return -EFAULT;
    > + if (new_ctx) {
    > + struct mcontext __user *mcp;
    > + u32 cmcp;
    > +
    > + /* Get pointer to the real mcontext. */
    > + if (__get_user(cmcp, &new_ctx->uc_regs))


    we need to use get_user, not __get_user, since we haven't done an
    access_ok() check on the address.

    > + return -EFAULT;
    > + mcp = (struct mcontext __user *)(u64)cmcp;
    > + if (__get_user(new_msr, &mcp->mc_gregs[PT_MSR]))


    ditto here.

    Paul.

  3. Re: [PATCH] Fix msr check in compat_sys_swapcontext

    Paul Mackerras writes:

    > we need to use get_user, not __get_user, since we haven't done an
    > access_ok() check on the address.


    The address is always ok since it's a compat pointer, see do_setcontext.

    Andreas.


  4. Re: [PATCH] Fix msr check in compat_sys_swapcontext

    Paul Mackerras writes:

    > Andreas Schwab writes:
    >
    >> Paul Mackerras writes:
    >>
    >> > we need to use get_user, not __get_user, since we haven't done an
    >> > access_ok() check on the address.
    >>
    >> The address is always ok since it's a compat pointer, see do_setcontext.
    >
    > OK, since it's inside a CONFIG_PPC64 block. I'll add a paragraph to
    > the patch description pointing that out.


    How about this:

    diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
    index a6a4310..b13abf3 100644
    --- a/arch/powerpc/kernel/signal_32.c
    +++ b/arch/powerpc/kernel/signal_32.c
    @@ -941,9 +941,21 @@ long sys_swapcontext(struct ucontext __user *old_ctx,
    #ifdef CONFIG_PPC64
    unsigned long new_msr = 0;

    - if (new_ctx &&
    - get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR]))
    - return -EFAULT;
    + if (new_ctx) {
    + struct mcontext __user *mcp;
    + u32 cmcp;
    +
    + /*
    + * Get pointer to the real mcontext. No need for
    + * access_ok since we are dealing with compat
    + * pointers.
    + */
    + if (__get_user(cmcp, &new_ctx->uc_regs))
    + return -EFAULT;
    + mcp = (struct mcontext __user *)(u64)cmcp;
    + if (__get_user(new_msr, &mcp->mc_gregs[PT_MSR]))
    + return -EFAULT;
    + }
    /*
    * Check that the context is not smaller than the original
    * size (with VMX but without VSX)
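    Review bot: the new comment records why access_ok() is not needed, but the open-coded conversion at `+ mcp = (struct mcontext __user *)(u64)cmcp;` would read better as compat_ptr(cmcp), the kernel's helper for turning a 32-bit user address into a __user pointer; it also makes the compat-pointer argument from the comment visible at the point of use.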

    Andreas.


  5. Re: [PATCH] Fix msr check in compat_sys_swapcontext

    Andreas Schwab writes:

    > Paul Mackerras writes:
    >
    > > we need to use get_user, not __get_user, since we haven't done an
    > > access_ok() check on the address.
    >
    > The address is always ok since it's a compat pointer, see do_setcontext.


    OK, since it's inside a CONFIG_PPC64 block. I'll add a paragraph to
    the patch description pointing that out.

    Paul.
