Re: [PATCH v15 09/17] fs, arm64: untag user pointers in copy_mount_options

From: Catalin Marinas
Date: Wed May 22 2019 - 08:11:58 EST

Next message: Stefan Roese: "[PATCH 2/2] tty/serial/8250: use mctrl_gpio helpers"
Previous message: Alexandre Belloni: "[PATCH v2] usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 06, 2019 at 06:30:55PM +0200, Andrey Konovalov wrote:
> This patch is a part of a series that extends arm64 kernel ABI to allow to
> pass tagged user pointers (with the top byte set to something else other
> than 0x00) as syscall arguments.
>
> In copy_mount_options a user address is being subtracted from TASK_SIZE.
> If the address is lower than TASK_SIZE, the size is calculated to not
> allow the exact_copy_from_user() call to cross TASK_SIZE boundary.
> However if the address is tagged, then the size will be calculated
> incorrectly.
>
> Untag the address before subtracting.
>
> Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>

Next message: Stefan Roese: "[PATCH 2/2] tty/serial/8250: use mctrl_gpio helpers"
Previous message: Alexandre Belloni: "[PATCH v2] usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]