xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f039dfb51b36a2d7e4ac25e65ffbd03e3ac77a0c
android_kernel_xiaomi_sm8450/arch/sparc/kernel
History
Mathieu Desnoyers 3ddc5b46a8 kernel-wide: fix missing validations on __get/__put/__copy_to/__copy_from_user() 
I found the following pattern that leads in to interesting findings:

  grep -r "ret.*|=.*__put_user" *
  grep -r "ret.*|=.*__get_user" *
  grep -r "ret.*|=.*__copy" *

The __put_user() calls in compat_ioctl.c, ptrace compat, signal compat,
since those appear in compat code, we could probably expect the kernel
addresses not to be reachable in the lower 32-bit range, so I think they
might not be exploitable.

For the "__get_user" cases, I don't think those are exploitable: the worse
that can happen is that the kernel will copy kernel memory into in-kernel
buffers, and will fail immediately afterward.

The alpha csum_partial_copy_from_user() seems to be missing the
access_ok() check entirely.  The fix is inspired from x86.  This could
lead to information leak on alpha.  I also noticed that many architectures
map csum_partial_copy_from_user() to csum_partial_copy_generic(), but I
wonder if the latter is performing the access checks on every
architectures.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-11 15:58:18 -07:00
..
.gitignore
sparc: gitignore a few files
2008-12-04 09:17:15 -08:00
apc.c
sparc idle: rename pm_idle to sparc_idle
2013-02-17 23:36:56 -05:00
asm-offsets.c
[PATCH] sparc32: vm_area_struct access for old Sun SPARCs.
2013-07-10 13:56:10 -07:00
audit.c
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
auxio_32.c
sparc32: Remove sun4 and sun4c from enum sparc_cpu.
2012-05-12 00:23:23 -07:00
auxio_64.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
btext.c
sparc: remove several unnecessary module.h include instances
2011-10-31 19:30:54 -04:00
central.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
cherrs.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
chmc.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
compat_audit.c
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
cpu.c
sparc64: correctly recognize SPARC64-X chips
2013-03-11 05:06:27 -07:00
cpumap.c
support sparc64x chip type in cpumap.c
2013-07-31 19:10:03 -07:00
cpumap.h
sparc64: fix and optimize irq distribution
2009-06-16 04:56:28 -07:00
devices.c
sparc32: remove sun4c traps
2012-05-11 19:27:46 -07:00
dma.c
sparc: remove several unnecessary module.h include instances
2011-10-31 19:30:54 -04:00
ds.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
dtlb_miss.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
dtlb_prot.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
ebus.c
sparc: move symbol exporters to use export.h not module.h
2011-10-31 19:30:53 -04:00
entry.h
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
entry.S
sparc32: Fix exit flag passed from traced sys_sigreturn
2013-07-31 19:10:04 -07:00
etrap_32.S
sparc32: introduce support for run-time patching for all shared assembler code
2012-05-27 23:52:49 -07:00
etrap_64.S
sparc64: clear syscall_noerror on the entry to syscall, not on the exit
2012-10-14 19:26:52 -04:00
fpu_traps.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
ftrace.c
sparc64: Add function graph tracer support.
2010-04-12 22:37:26 -07:00
getsetcc.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
head_32.S
sparc32: drop swapper_pg_dir
2012-07-26 16:46:15 -07:00
head_64.S
sparc64: correctly recognize SPARC64-X chips
2013-03-11 05:06:27 -07:00
helpers.S
sparc64: Fix perf_arch_get_caller_regs().
2010-08-08 22:07:36 -07:00
hvapi.c
sparc: fix format string argument for prom_printf()
2012-10-02 23:20:34 -04:00
hvcalls.S
sparc64: Add hypervisor interfaces for SPARC-T4 perf counter access.
2012-08-18 23:03:53 -07:00
hvtramp.S
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
idprom.c
sparc: Clear out unused asm/machines.h values.
2012-05-11 20:45:18 -07:00
iommu_common.h
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
iommu.c
SPARC: adapt for dma_map_ops changes
2012-03-28 16:36:34 +02:00
ioport.c
procfs: new helper - PDE_DATA(inode)
2013-04-09 14:13:32 -04:00
irq_32.c
sparc32: handle leon in irq_32.c
2012-05-27 23:52:44 -07:00
irq_64.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
irq.h
sparc32: remove runtime btfix support
2012-05-14 14:05:09 -07:00
itlb_miss.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
ivec.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
jump_label.c
sparc: Fix even more fallout from system.h split.
2012-03-29 22:40:52 -07:00
kernel.h
sparc32: refactor smp boot
2013-02-20 13:36:50 -08:00
kgdb_32.c
sparc: explicitly include sched.h to get task_thread_info declaration
2013-02-06 11:04:10 -08:00
kgdb_64.c
sparc64: cleanup: Rename ret_from_syscall to ret_from_fork
2013-07-31 19:10:04 -07:00
kprobes.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
kstack.h
sparc64: Run NMIs on the hardirq stack.
2010-04-14 02:04:29 -07:00
ktlb.S
sparc64: Fix ITLB handler of null page
2013-08-02 17:29:06 -07:00
ldc.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
led.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
leon_kernel.c
sparc32, leon: Remove separate "ticker" timer for SMP
2013-06-19 02:10:29 -07:00
leon_pci_grpci1.c
sparc,leon: Convert to use devm_ioremap_resource
2013-06-19 02:10:30 -07:00
leon_pci_grpci2.c
sparc32,leon: add support for PCI busn resource for GRPCI2
2013-03-20 11:06:53 -07:00
leon_pci.c
sparc32,leon: add support for PCI busn resource for GRPCI2
2013-03-20 11:06:53 -07:00
leon_pmc.c
sparc32, leon: Enable interrupts before going idle to avoid getting stuck
2013-06-19 02:10:29 -07:00
leon_smp.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
Makefile
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
2013-05-04 18:34:13 -07:00
mdesc.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
misctrap.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
module.c
modules: don't hand 0 to vmalloc.
2012-12-14 13:06:43 +10:30
nmi.c
sparc64: Abstract away the %pcr values used to enable/disable NMI
2012-08-18 23:26:19 -07:00
of_device_32.c
sparc32: rename sparc_irq_config to sparc_config
2012-04-15 10:28:49 -07:00
of_device_64.c
devicetree: add helper inline for retrieving a node's full name
2012-07-06 07:16:34 -05:00
of_device_common.c
sparc: move symbol exporters to use export.h not module.h
2011-10-31 19:30:53 -04:00
of_device_common.h
sparc: move of_device common code to of_device_common
2009-06-16 04:56:49 -07:00
pci_common.c
sparc: Remove unnecessary semicolons
2011-06-07 16:06:34 -07:00
pci_fire.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
pci_impl.h
drivers/of: Constify device_node->name and ->path_component_name
2012-11-17 12:05:57 +00:00
pci_msi.c
sparc: convert old cpumask API into new one
2011-05-16 13:38:07 -07:00
pci_psycho.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
pci_sabre.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
pci_schizo.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
pci_sun4v_asm.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
pci_sun4v.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
pci_sun4v.h
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
pci.c
Merge tag 'pci-v3.11-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2013-07-03 16:31:35 -07:00
pcic.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
pcr.c
sparc64: Add PCR ops for SPARC-T4.
2012-08-18 23:26:19 -07:00
perf_event.c
sparc64: Make montmul/montsqr/mpmul usable in 32-bit threads.
2012-10-26 15:18:37 -07:00
pmc.c
sparc idle: rename pm_idle to sparc_idle
2013-02-17 23:36:56 -05:00
power.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
process_32.c
dump_stack: unify debug information printed by show_regs()
2013-04-30 17:04:02 -07:00
process_64.c
sparc/sysrq: fix inconstistent help message of sysrq key
2013-04-30 17:04:10 -07:00
prom_32.c
sparc: remove several unnecessary module.h include instances
2011-10-31 19:30:54 -04:00
prom_64.c
sparc: fix format string argument for prom_printf()
2012-10-02 23:20:34 -04:00
prom_common.c
of: Fix locking vs. interrupts
2013-06-13 22:12:14 +01:00
prom_irqtrans.c
sparc: Remove unnecessary semicolons
2011-06-07 16:06:34 -07:00
prom.h
of/promtree: make drivers/of/pdt.c no longer sparc-only
2010-10-10 21:53:30 -06:00
psycho_common.c
sparc: Remove unnecessary semicolons
2011-06-07 16:06:34 -07:00
psycho_common.h
sparc: remove references to of_device and to_of_device
2010-07-24 09:58:22 -06:00
ptrace_32.c
Disintegrate asm/system.h for Sparc
2012-03-28 18:30:03 +01:00
ptrace_64.c
sparc64: Export flush_ptrace_access() (needed by lustre)
2013-09-05 12:12:51 -07:00
reboot.c
Disintegrate asm/system.h for Sparc
2012-03-28 18:30:03 +01:00
rtrap_32.S
sparc32: introduce support for run-time patching for all shared assembler code
2012-05-27 23:52:49 -07:00
rtrap_64.S
sparc64: Remove trap return code which is now unnecessary.
2012-04-13 13:56:46 -07:00
sbus.c
sparc: kernel/sbus.c: fix memory leakage
2013-01-21 14:33:00 -08:00
setup_32.c
sparc: kernel: using strlcpy() instead of strcpy()
2013-06-19 02:10:29 -07:00
setup_64.c
cpu hw caps support for sparc64x
2013-07-31 19:10:03 -07:00
signal32.c
[regression] braino in "sparc: convert to ksignal"
2013-03-02 02:55:16 -05:00
signal_32.c
sparc: convert to ksignal
2013-02-14 09:21:16 -05:00
signal_64.c
sparc: convert to ksignal
2013-02-14 09:21:16 -05:00
sigutil_32.c
Disintegrate asm/system.h for Sparc
2012-03-28 18:30:03 +01:00
sigutil_64.c
Disintegrate asm/system.h for Sparc
2012-03-28 18:30:03 +01:00
sigutil.h
sparc: Allow handling signals when stack is corrupted.
2011-08-20 17:14:54 -07:00
smp_32.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
smp_64.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
sparc_ksyms_32.c
sparc32: Implement hard_smp_processor_id() via instruction patching.
2012-05-14 13:31:38 -07:00
sparc_ksyms_64.c
Disintegrate asm/system.h for Sparc
2012-03-28 18:30:03 +01:00
spiterrs.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
sstate.c
sparc: Set reboot-cmd using reboot data hypervisor call if available.
2011-08-02 21:28:52 -07:00
stacktrace.c
sparc: move symbol exporters to use export.h not module.h
2011-10-31 19:30:53 -04:00
starfire.c
sparc: explicitly cast negative phandle checks to s32
2011-01-03 20:02:06 -07:00
sun4d_irq.c
Include missing linux/slab.h inclusions
2013-04-29 15:42:01 -04:00
sun4d_smp.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
sun4m_irq.c
sparc32: remove remaining users of btfixup
2012-05-14 14:05:08 -07:00
sun4m_smp.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
sun4v_ivec.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
sun4v_tlb_miss.S
sparc64: Support transparent huge pages.
2012-10-09 16:23:06 +09:00
sys32.S
unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE
2013-05-09 13:46:38 -04:00
sys_sparc32.c
kernel-wide: fix missing validations on __get/__put/__copy_to/__copy_from_user()
2013-09-11 15:58:18 -07:00
sys_sparc_32.c
sparc: switch to use of generic old sigaction
2013-02-03 22:43:35 -05:00
sys_sparc_64.c
mm: remove free_area_cache
2013-07-10 18:11:34 -07:00
syscalls.S
sparc64: Fix not SRA'ed %o5 in 32-bit traced syscall
2013-07-31 19:10:04 -07:00
sysfs.c
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
systbls_32.S
sparc: switch to use of generic old sigaction
2013-02-03 22:43:35 -05:00
systbls_64.S
unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE
2013-05-09 13:46:38 -04:00
systbls.h
sparc: switch to generic old sigsuspend
2013-02-03 22:44:37 -05:00
tadpole.c
of/sparc: convert various prom_* functions to use phandle
2010-10-09 02:33:34 -06:00
time_32.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
time_64.c
sparc: remove __devinit, __devexit annotations
2013-01-12 15:28:45 -08:00
trampoline_32.S
sparc: delete __cpuinit/__CPUINIT usage from all users
2013-07-14 19:36:52 -04:00
trampoline_64.S
sparc64: Fix off by one in trampoline TLB mapping installation loop.
2013-08-22 16:38:46 -07:00
traps_32.c
taint: add explicit flag to show whether lock dep is still OK.
2013-01-21 17:17:57 +10:30
traps_64.c
dump_stack: consolidate dump_stack() implementations and unify their behaviors
2013-04-30 17:04:02 -07:00
tsb.S
sparc64: Fix tsb_grow() in atomic context.
2013-02-20 09:46:08 -08:00
ttable_32.S
sparc32: move trap table to a separate file
2012-05-19 23:27:25 -07:00
ttable_64.S
sparc64: renamed ttable.S to ttable_64.S
2012-05-19 23:26:41 -07:00
una_asm_32.S
sparc32: unaligned memory access (MNA) trap handler bug
2011-02-01 12:39:59 -08:00
una_asm_64.S
sparc: Fix .size directive for do_int_load
2011-03-16 18:19:15 -07:00
unaligned_32.c
Disintegrate asm/system.h for Sparc
2012-03-28 18:30:03 +01:00
unaligned_64.c
sparc64: Make montmul/montsqr/mpmul usable in 32-bit threads.
2012-10-26 15:18:37 -07:00
utrap.S
sparc,sparc64: unify kernel/
2008-12-04 09:17:21 -08:00
vio.c
sparc/kernel/vio.c: add put_device() after device_find_child()
2013-05-04 17:38:18 -07:00
viohs.c
sparc: move symbol exporters to use export.h not module.h
2011-10-31 19:30:53 -04:00
visemul.c
sparc64: Make montmul/montsqr/mpmul usable in 32-bit threads.
2012-10-26 15:18:37 -07:00
vmlinux.lds.S
sparc64: Improvde documentation and readability of atomic backoff code.
2012-10-28 13:04:47 -07:00
windows.c
BKL: remove extraneous #include <smp_lock.h>
2010-11-17 08:59:32 -08:00
winfixup.S
sparc64: Make montmul/montsqr/mpmul usable in 32-bit threads.
2012-10-26 15:18:37 -07:00
wof.S
sparc32: introduce support for run-time patching for all shared assembler code
2012-05-27 23:52:49 -07:00
wuf.S
sparc32: introduce support for run-time patching for all shared assembler code
2012-05-27 23:52:49 -07:00