mirror of https://gitee.com/openkylin/linux.git
Fixes for hardened usercopy:
- avoid signed math problems on unexpected compilers - avoid false positives at very end of kernel text range checks -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Kees Cook <kees@outflux.net> iQIcBAABCgAGBQJXu7MGAAoJEIly9N/cbcAmARgP/ArvNIY66hLgESmerZlvDjJC Iip8497f9bsKYgz+6DmHyRzJwJafN2hwIrRh2rnS1oHI48KLTFYP5N8RigPGvn8u ixHpCMlEBV2zIkne1rtPDUkAHFgDc3j5zvg0ra/YGmFbhTlwTci67COYsq0PaSY/ LLMRt7gK5NjHxD+X6H7ORyL34gLtQOgAQw96wPeaO4HZ8YEecOR8LsMUw+IrGbbo KclXNO+v2t+ROCUOZukKG+2h02EuMzW3BLnX+FAVLeJgwrjgsd/6mRVkBlnjYDRP GDKlw2X5QlyDj+Kz/mHiYVuAJTMbN18y2kns7MQoPmozmtVet4YYXtGL/MRmHHW3 fh5KLuLyF59HY/1OLqQ/6Nxz7ggm5MuPMCF8brfFPlblFBO/OLKOrry/lptKzvwm /5Lp2tVmH/w5+WdKsZM6gNbTsaC7HxKMlXodi+kHpCO7BF23j+fJLsCCPgNjwRyH B6pxN4bk5gK2Xd1yRxSPt64BJ+Jt995EddP0dY6+UIhliSrQPHtilTe9Ht0nTFnG Ar1pei3iSPpp91euVt6Glc5nLktryJ8AL6OEyp847he6C84k/R8lk2gu14iHO/U6 WLa9nOCVuQBLifHOv/oKQSBHt6dezjvmi93cY9/3B//SYC5SxzA6vqoNgmLaBEle Hb3ZTQ77FCq3PE7Ty712 =5CiX -----END PGP SIGNATURE----- Merge tag 'usercopy-v4.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull hardened usercopy fixes from Kees Cook: - avoid signed math problems on unexpected compilers - avoid false positives at very end of kernel text range checks * tag 'usercopy-v4.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: usercopy: fix overlap check for kernel text usercopy: avoid potentially undefined behavior in pointer math
This commit is contained in:
commit
7a1dcf6ada
|
@ -83,7 +83,7 @@ static bool overlaps(const void *ptr, unsigned long n, unsigned long low,
|
|||
unsigned long check_high = check_low + n;
|
||||
|
||||
/* Does not overlap if entirely above or entirely below. */
|
||||
if (check_low >= high || check_high < low)
|
||||
if (check_low >= high || check_high <= low)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
|
@ -124,7 +124,7 @@ static inline const char *check_kernel_text_object(const void *ptr,
|
|||
static inline const char *check_bogus_address(const void *ptr, unsigned long n)
|
||||
{
|
||||
/* Reject if object wraps past end of memory. */
|
||||
if (ptr + n < ptr)
|
||||
if ((unsigned long)ptr + n < (unsigned long)ptr)
|
||||
return "<wrapped address>";
|
||||
|
||||
/* Reject if NULL or ZERO-allocation. */
|
||||
|
|
Loading…
Reference in New Issue