Re: [PATCH] x86: Fix 32-bit compatible userspace write size overflow error

From: H. Peter Anvin
Date: Wed Nov 15 2023 - 23:32:53 EST

Next message: Paul Moore: "Re: [PATCH v5 10/23] security: Introduce inode_post_setattr hook"
Previous message: kernel test robot: "Re: [PATCH 6/7] ARM: dts: qcom: apq8026-samsung-milletwifi: Enable Wi-Fi and Bluetooth"
In reply to: Jinjie Ruan: "[PATCH] x86: Fix 32-bit compatible userspace write size overflow error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It's not clear to me that this is actually the correct behavior; the important thing is that it faults (as nothing is mapped above 4 GB anyway.)

-hpa

On 11/15/23 02:56, Jinjie Ruan wrote:

For 32-bit compatible userspace program, write with size = -1 return not
-1 but unexpected other values, which is due to the __access_ok() check is
insufficient. The specified "ptr + size" is greater than 32-bit limit and
should return -EFAULT, but it is not checked and can not catch the overflow
error.

Fix above error by checking 32-bit limit if it is 32-bit compatible
userspace program.

-hpa

Next message: Paul Moore: "Re: [PATCH v5 10/23] security: Introduce inode_post_setattr hook"
Previous message: kernel test robot: "Re: [PATCH 6/7] ARM: dts: qcom: apq8026-samsung-milletwifi: Enable Wi-Fi and Bluetooth"
In reply to: Jinjie Ruan: "[PATCH] x86: Fix 32-bit compatible userspace write size overflow error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]