linux/arch/x86
Linus Torvalds d869844bd0 x86: fix special __probe_kernel_write() tail zeroing case
Commit cae2a173fe ("x86: clean up/fix 'copy_in_user()' tail zeroing")
fixed the failure case tail zeroing of one special case of the x86-64
generic user-copy routine, namely when used for the user-to-user case
("copy_in_user()").

But in the process it broke an even more unusual case: using the user
copy routine for kernel-to-kernel copying.

Now, normally kernel-kernel copies are obviously done using memcpy(),
but we have a couple of special cases when we use the user-copy
functions.  One is when we pass a kernel buffer to a regular user-buffer
routine, using set_fs(KERNEL_DS).  That's a "normal" case, and continued
to work fine, because it never takes any faults (with the possible
exception of a silent and successful vmalloc fault).

But Jan Beulich pointed out another, very unusual, special case: when we
use the user-copy routines not because it's a path that expects a user
pointer, but for a couple of ftrace/kgdb cases that want to do a kernel
copy, but do so using "unsafe" buffers, and use the user-copy routine to
gracefully handle faults.  IOW, for probe_kernel_write().

And that broke for the case of a faulting kernel destination, because we
saw the kernel destination and wanted to try to clear the tail of the
buffer.  Which doesn't work, since that's what faults.

This only triggers for things like kgdb and ftrace users (e.g. trying
to set a breakpoint on read-only memory), but it's definitely a bug.
The fix is to not compare against the kernel address start (TASK_SIZE),
but instead use the same limits "access_ok()" uses.

Reported-and-tested-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org # 4.0
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-04-24 06:58:27 -07:00
boot Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-04-13 13:19:10 -07:00
configs x86/build/defconfig: Enable USB_EHCI_TT_NEWSCHED=y 2015-02-19 02:21:14 +01:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-04-15 10:42:15 -07:00
ia32 x86/asm/entry: Zero EXTRA_REGS for stub32_execve() too 2015-04-09 10:31:24 +02:00
include Some virtio internal cleanups, a new virtio device "virtio input", and 2015-04-22 10:55:06 -07:00
kernel TTY/Serial patches for 4.1-rc1 2015-04-21 09:33:10 -07:00
kvm Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-04-13 11:08:28 -07:00
lguest Some virtio internal cleanups, a new virtio device "virtio input", and 2015-04-22 10:55:06 -07:00
lib x86: fix special __probe_kernel_write() tail zeroing case 2015-04-24 06:58:27 -07:00
math-emu
mm mm: move memtest under mm 2015-04-14 16:49:06 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-12-10 15:48:20 -05:00
oprofile x86/asm/entry: Change all 'user_mode_vm()' calls to 'user_mode()' 2015-03-23 11:14:17 +01:00
pci PCI changes for the v4.1 merge window: 2015-04-13 15:45:47 -07:00
platform TTY/Serial patches for 4.1-rc1 2015-04-21 09:33:10 -07:00
power x86/asm/entry: Rename 'init_tss' to 'cpu_tss' 2015-03-06 08:32:58 +01:00
purgatory Merge branches 'x86-build-for-linus', 'x86-cleanups-for-linus' and 'x86-debug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-12-10 12:35:46 -08:00
realmode Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-02-16 14:58:12 -08:00
syscalls xen: features and fixes for 4.1-rc0 2015-04-16 14:01:03 -05:00
tools x86, build: replace Perl script with Shell script 2015-01-26 13:37:18 -08:00
um Merge branch 'exec_domain_rip_v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2015-04-15 13:53:55 -07:00
vdso Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-04-13 13:36:45 -07:00
video
xen xen: features and fixes for 4.1-rc0 2015-04-16 14:01:03 -05:00
.gitignore
Kbuild
Kconfig Merge branch 'x86-pmem-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-04-18 11:42:49 -04:00
Kconfig.cpu
Kconfig.debug x86, intel-mid: remove Intel MID specific serial support 2015-03-07 03:25:18 +01:00
Makefile kbuild: use relative path more to include Makefile 2015-04-02 16:42:08 +02:00
Makefile_32.cpu
Makefile.um kbuild: use relative path more to include Makefile 2015-04-02 16:42:08 +02:00