mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-09-04 20:19:47 +08:00
4012e77a90
A NMI can hit in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory. Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers. Signed-off-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Rik van Riel <riel@surriel.com> Cc: Nadav Amit <nadav.amit@gmail.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Jann Horn <jannh@google.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/dd956eba16646fd0b15c3c0741269dfd84452dac.1535557289.git.luto@kernel.org |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| atomic64_32.c | ||
| atomic64_386_32.S | ||
| atomic64_cx8_32.S | ||
| cache-smp.c | ||
| checksum_32.S | ||
| clear_page_64.S | ||
| cmdline.c | ||
| cmpxchg8b_emu.S | ||
| cmpxchg16b_emu.S | ||
| copy_page_64.S | ||
| copy_user_64.S | ||
| cpu.c | ||
| csum-copy_64.S | ||
| csum-partial_64.c | ||
| csum-wrappers_64.c | ||
| delay.c | ||
| error-inject.c | ||
| getuser.S | ||
| hweight.S | ||
| inat.c | ||
| insn-eval.c | ||
| insn.c | ||
| iomap_copy_64.S | ||
| kaslr.c | ||
| Makefile | ||
| memcpy_32.c | ||
| memcpy_64.S | ||
| memmove_64.S | ||
| memset_64.S | ||
| misc.c | ||
| mmx_32.c | ||
| msr-reg-export.c | ||
| msr-reg.S | ||
| msr-smp.c | ||
| msr.c | ||
| putuser.S | ||
| retpoline.S | ||
| rwsem.S | ||
| string_32.c | ||
| strstr_32.c | ||
| usercopy_32.c | ||
| usercopy_64.c | ||
| usercopy.c | ||
| x86-opcode-map.txt | ||