diff options
| author |   Linus Torvalds <torvalds@linux-foundation.org> | 2016-08-23 14:32:38 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-08-23 14:32:38 -0400 |
| commit | 7a1dcf6adaa7cc4b8cd93a3883267497a77b1051 (patch) | |
| tree | 46c6e1eb307345192732f5701ae7a49b31194cbd | |
| parent | Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 (diff) | |
| parent | usercopy: fix overlap check for kernel text (diff) | |
| download | wireguard-linux-7a1dcf6adaa7cc4b8cd93a3883267497a77b1051.tar.xz wireguard-linux-7a1dcf6adaa7cc4b8cd93a3883267497a77b1051.zip | |
Merge tag 'usercopy-v4.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardened usercopy fixes from Kees Cook:
- avoid signed math problems on unexpected compilers
- avoid false positives at very end of kernel text range checks
* tag 'usercopy-v4.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
usercopy: fix overlap check for kernel text
usercopy: avoid potentially undefined behavior in pointer math
Diffstat (limited to '')
| -rw-r--r-- | mm/usercopy.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/mm/usercopy.c b/mm/usercopy.c index 8ebae91a6b55..a3cc3052f830 100644 --- a/mm/usercopy.c +++ b/mm/usercopy.c @@ -83,7 +83,7 @@ static bool overlaps(const void *ptr, unsigned long n, unsigned long low, unsigned long check_high = check_low + n; /* Does not overlap if entirely above or entirely below. */ - if (check_low >= high || check_high < low) + if (check_low >= high || check_high <= low) return false; return true; @@ -124,7 +124,7 @@ static inline const char *check_kernel_text_object(const void *ptr, static inline const char *check_bogus_address(const void *ptr, unsigned long n) { /* Reject if object wraps past end of memory. */ - if (ptr + n < ptr) + if ((unsigned long)ptr + n < (unsigned long)ptr) return "<wrapped address>"; /* Reject if NULL or ZERO-allocation. */ |