[Precise][CVE-2013-6282][PATCH 0/2] ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS
Luis Henriques
luis.henriques at canonical.com
Thu Nov 28 16:01:51 UTC 2013
Following this email, I'm sending 2 patches to fix CVE-2013-6282 in
Precise:
- 4e7682d "ARM: 7301/1: Rename the T() macro to TUSER() to avoid namespace conflicts"
This is just a simple macro rename which isn't really required but
helps making the actual CVE fix a clean cherry-pick. Although this
patch is a little bit scary (and huge!), it looks harmless and
simply does what the title claims: rename T() to TUSER(). But
hey! My ARM assembly knowledge is very limited to say the least!
- 8404663 "ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS"
This is the actual fix for the CVE -- a clean cherry-pick after the
first patch is applied.
If people think this is too many changes for fixing this CVE, I can
try to backport the 2nd patch dropping the 1st one.
Catalin Marinas (1):
ARM: 7301/1: Rename the T() macro to TUSER() to avoid namespace
conflicts
Russell King (1):
ARM: 7527/1: uaccess: explicitly check __user pointer when
!CPU_USE_DOMAINS
arch/arm/include/asm/assembler.h | 12 +++++-
arch/arm/include/asm/domain.h | 8 ++--
arch/arm/include/asm/futex.h | 8 ++--
arch/arm/include/asm/uaccess.h | 56 +++++++++++++++++----------
arch/arm/lib/getuser.S | 27 ++++++++-----
arch/arm/lib/putuser.S | 34 ++++++++++-------
arch/arm/lib/uaccess.S | 82 ++++++++++++++++++++--------------------
7 files changed, 131 insertions(+), 96 deletions(-)
--
1.8.3.2
More information about the kernel-team
mailing list