diff mbox

[v2] arm64: fix missing __user in compat_vfp_set()

Message ID 20170629142447.juiwwut4yhfsdbmo@ltop.local (mailing list archive)
State New, archived
Headers show

Commit Message

Luc Van Oostenryck June 29, 2017, 2:24 p.m. UTC
compat_vfp_set() is a helper writting some values via put_user()
and put_user() need a pointer annotated with '__user'.
The buffer used by the helper is correctly annotated with '__user'
but need to be casted to a real type before being given to
put_user().

The problem is that this cast lack a '__user' annotation.

Fix this by adding the missing '__user'.

Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>

---
Change since v1:
- rebase against arm64/for-next/core
- drop the change for compat_vfp_get() which is no more needed
---
 arch/arm64/kernel/ptrace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Dave Martin June 29, 2017, 2:34 p.m. UTC | #1
On Thu, Jun 29, 2017 at 04:24:48PM +0200, Luc Van Oostenryck wrote:
> compat_vfp_set() is a helper writting some values via put_user()
> and put_user() need a pointer annotated with '__user'.
> The buffer used by the helper is correctly annotated with '__user'
> but need to be casted to a real type before being given to
> put_user().
> 
> The problem is that this cast lack a '__user' annotation.
> 
> Fix this by adding the missing '__user'.
> 
> Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>

Apologies, I has half a reply written and then realised this issue was
less straightforward that I first thought.  I have an alternate patch,
see [1].

Cheers
---Dave

[1] [PATCH 0/3] Miscellaneous minor compat ptrace fixes
http://lists.infradead.org/pipermail/linux-arm-kernel/2017-June/516592.html

> 
> ---
> Change since v1:
> - rebase against arm64/for-next/core
> - drop the change for compat_vfp_get() which is no more needed
> ---
>  arch/arm64/kernel/ptrace.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
> index 35846f155..3a323e2b9 100644
> --- a/arch/arm64/kernel/ptrace.c
> +++ b/arch/arm64/kernel/ptrace.c
> @@ -946,7 +946,7 @@ static int compat_vfp_set(struct task_struct *target,
>  				 VFP_STATE_SIZE - sizeof(compat_ulong_t));
>  
>  	if (count && !ret) {
> -		ret = get_user(fpscr, (compat_ulong_t *)ubuf);
> +		ret = get_user(fpscr, (compat_ulong_t __user *)ubuf);
>  		uregs->fpsr = fpscr & VFP_FPSCR_STAT_MASK;
>  		uregs->fpcr = fpscr & VFP_FPSCR_CTRL_MASK;
>  	}
> -- 
> 2.13.0
> 
> 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
Luc Van Oostenryck June 29, 2017, 4:23 p.m. UTC | #2
On Thu, Jun 29, 2017 at 03:34:06PM +0100, Dave Martin wrote:
> On Thu, Jun 29, 2017 at 04:24:48PM +0200, Luc Van Oostenryck wrote:
> > compat_vfp_set() is a helper writting some values via put_user()
> > and put_user() need a pointer annotated with '__user'.
> > The buffer used by the helper is correctly annotated with '__user'
> > but need to be casted to a real type before being given to
> > put_user().
> > 
> > The problem is that this cast lack a '__user' annotation.
> > 
> > Fix this by adding the missing '__user'.
> > 
> > Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
> 
> Apologies, I has half a reply written and then realised this issue was
> less straightforward that I first thought.  I have an alternate patch,
> see [1].

Ah yes.
I saw the now asymmetry between the set/copyout and the set/copyin
and I was a bit surprised by it.

Your new version look better (but I can't judge more than the look).

-- Luc
diff mbox

Patch

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 35846f155..3a323e2b9 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -946,7 +946,7 @@  static int compat_vfp_set(struct task_struct *target,
 				 VFP_STATE_SIZE - sizeof(compat_ulong_t));
 
 	if (count && !ret) {
-		ret = get_user(fpscr, (compat_ulong_t *)ubuf);
+		ret = get_user(fpscr, (compat_ulong_t __user *)ubuf);
 		uregs->fpsr = fpscr & VFP_FPSCR_STAT_MASK;
 		uregs->fpcr = fpscr & VFP_FPSCR_CTRL_MASK;
 	}