authorLinus Torvalds <torvalds@linux-foundation.org>2016-09-20 17:11:19 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2016-09-20 17:11:19 -0700
commit7d1e042314619115153a0f6f06e4552c09a50e13 (patch)
tree25d4271356edf0fe0f519393582328dc74859bbc
parente23d4159b109167126e5bcd7f3775c95de7fee47 (diff)
parentaa4f0601115319a52c80f468c8f007e5aa9277cb (diff)
Merge tag 'usercopy-v4.8-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull usercopy hardening fix from Kees Cook: "Expand the arm64 vmalloc check to include skipping the module space too" * tag 'usercopy-v4.8-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: mm: usercopy: Check for module addresses
-rw-r--r--mm/usercopy.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/mm/usercopy.c b/mm/usercopy.c
index 089328f2b9209e..3c8da0af969593 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -207,8 +207,11 @@ static inline const char *check_heap_object(const void *ptr, unsigned long n,
* Some architectures (arm64) return true for virt_addr_valid() on
* vmalloced addresses. Work around this by checking for vmalloc
* first.
+ *
+ * We also need to check for module addresses explicitly since we
+ * may copy static data from modules to userspace
*/
- if (is_vmalloc_addr(ptr))
+ if (is_vmalloc_or_module_addr(ptr))
return NULL;
if (!virt_addr_valid(ptr))
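Review bot: The early `return NULL` under `is_vmalloc_or_module_addr(ptr)` appears to be the "nothing wrong" result, judging by the `const char *` return type, so pointers in the vmalloc or module ranges skip the rest of this function's validation, and the extended comment does not say so. The comment explains why the test comes before `virt_addr_valid()`, but not that these ranges go unchecked here or which other check, if any, is expected to bound copies from module static data. I would add a sentence such as `* These ranges are not validated here; NULL lets the copy proceed, so bounds for them must be enforced elsewhere.` and end the new sentence on "userspace" with a period. The body of check_heap_object starts and ends outside this hunk, so whether the caller covers module addresses cannot be confirmed from the lines shown.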