linux-stable/arch
Chen Lifu 044f8ff30e riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit
[ Upstream commit c08b4848f5 ]

Since commit 5d8544e2d0 ("RISC-V: Generic library routines and assembly")
and commit ebcbd75e39 ("riscv: Fix the bug in memory access fixup code"),
if __clear_user and __copy_user return from a fixup branch,
the CSR_STATUS SR_SUM bit will be set. It is a vulnerability, so that
S-mode memory accesses to pages that are accessible by U-mode will succeed.
Disabling S-mode access to U-mode memory should clear the SR_SUM bit.

Fixes: 5d8544e2d0 ("RISC-V: Generic library routines and assembly")
Fixes: ebcbd75e39 ("riscv: Fix the bug in memory access fixup code")
Signed-off-by: Chen Lifu <chenlifu@huawei.com>
Reviewed-by: Ben Dooks <ben.dooks@codethink.co.uk>
Link: https://lore.kernel.org/r/20220615014714.1650349-1-chenlifu@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-08-31 17:16:36 +02:00
..
alpha tty: the rest, stop using tty_schedule_flip() 2022-07-29 17:25:32 +02:00
arc ARC: entry: fix syscall_trace_exit argument 2022-04-27 14:39:00 +02:00
arm ARM: remove some dead code 2022-08-17 14:24:23 +02:00
arm64 KVM: arm64: Reject 32bit user PSTATE on asymmetric systems 2022-08-25 11:40:29 +02:00
csky csky/kprobe: reclaim insn_slot on kprobe unregistration 2022-08-25 11:40:38 +02:00
h8300
hexagon uaccess: fix integer overflow on access_ok() 2022-03-28 09:58:45 +02:00
ia64 ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() 2022-08-17 14:22:57 +02:00
m68k m68k: coldfire/device.c: protect FLEXCAN blocks 2022-08-25 11:40:05 +02:00
microblaze uaccess: fix nios2 and microblaze get_user_8() 2022-04-08 14:23:18 +02:00
mips MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 2022-08-25 11:40:46 +02:00
nds32 nds32: fix access_ok() checks in get/put_user 2022-03-28 09:58:46 +02:00
nios2 nios2: add force_successful_syscall_return() 2022-08-25 11:40:19 +02:00
openrisc openrisc: io: Define iounmap argument as volatile 2022-08-25 11:40:38 +02:00
parisc parisc: Fix exception handler for fldw and fstw instructions 2022-08-31 17:16:33 +02:00
powerpc powerpc/64: Init jump labels before parse_early_param() 2022-08-25 11:40:45 +02:00
riscv riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit 2022-08-31 17:16:36 +02:00
s390 Revert "s390/smp: enforce lowcore protection on CPU restart" 2022-08-17 14:24:30 +02:00
sh sh: convert nommu io{re,un}map() to static inline functions 2022-07-21 21:24:14 +02:00
sparc signal: Deliver SIGTRAP on perf event asynchronously if blocked 2022-06-09 10:22:48 +02:00
um um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups 2022-08-25 11:40:37 +02:00
x86 x86/entry: Move CLD to the start of the idtentry macro 2022-08-31 17:16:34 +02:00
xtensa xtensa: iss: fix handling error cases in iss_net_configure() 2022-08-17 14:23:52 +02:00
.gitignore
Kconfig arch: make TRACE_IRQFLAGS_NMI_SUPPORT generic 2022-08-17 14:23:00 +02:00