RE: [PATCH v4.19.x] make 'user_access_begin()' do 'access_ok()'

From: Ashwin H
Date: Wed May 13 2020 - 13:08:24 EST

Next message: Shuah Khan: "[ANN] linux-arts v2.0 update"
Previous message: Fabio Estevam: "Re: [PATCH 2/3] drm/etnaviv: Don't ignore errors on getting clocks"
In reply to: Greg KH: "Re: [PATCH v4.19.x] make 'user_access_begin()' do 'access_ok()'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Ok, but what does that mean for us?
>
> You need to say why you are sending a patch, otherwise we will guess wrong.

In drivers/gpu/drm/i915/i915_gem_execbuffer.c, ioctl functions does user_access_begin() without doing access_ok(Checks if a user space pointer is valid) first.
A local attacker can craft a malicious ioctl function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (CVE-2018-20669)

This patch makes sure that user_access_begin always does access_ok.
user_access_begin has been modified to do access_ok internally.

Thanks,
Ashwin

Next message: Shuah Khan: "[ANN] linux-arts v2.0 update"
Previous message: Fabio Estevam: "Re: [PATCH 2/3] drm/etnaviv: Don't ignore errors on getting clocks"
In reply to: Greg KH: "Re: [PATCH v4.19.x] make 'user_access_begin()' do 'access_ok()'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]