[Acked] [Precise][CVE-2013-6282][PATCH 0/2] ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS

Andy Whitcroft apw at canonical.com
Thu Nov 28 16:56:22 UTC 2013


On Thu, Nov 28, 2013 at 04:01:51PM +0000, Luis Henriques wrote:
> Following this email, I'm sending 2 patches to fix CVE-2013-6282 in
> Precise:
> 
>  - 4e7682d "ARM: 7301/1: Rename the T() macro to TUSER() to avoid namespace conflicts"
>    This is just a simple macro rename which isn't really required but
>    helps making the actual CVE fix a clean cherry-pick.  Although this
>    patch is a little bit scary (and huge!), it looks harmless and
>    simply does what the title claims: rename T() to TUSER().   But
>    hey!  My ARM assembly knowledge is very limited to say the least!
> 
>  - 8404663 "ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS"
>    This is the actual fix for the CVE -- a clean cherry-pick after the
>    first patch is applied.
> 
> If people think this is too many changes for fixing this CVE, I can
> try to backport the 2nd patch dropping the 1st one.
> 
> Catalin Marinas (1):
>   ARM: 7301/1: Rename the T() macro to TUSER() to avoid namespace
>     conflicts
> 
> Russell King (1):
>   ARM: 7527/1: uaccess: explicitly check __user pointer when
>     !CPU_USE_DOMAINS
> 
>  arch/arm/include/asm/assembler.h | 12 +++++-
>  arch/arm/include/asm/domain.h    |  8 ++--
>  arch/arm/include/asm/futex.h     |  8 ++--
>  arch/arm/include/asm/uaccess.h   | 56 +++++++++++++++++----------
>  arch/arm/lib/getuser.S           | 27 ++++++++-----
>  arch/arm/lib/putuser.S           | 34 ++++++++++-------
>  arch/arm/lib/uaccess.S           | 82 ++++++++++++++++++++--------------------
>  7 files changed, 131 insertions(+), 96 deletions(-)

Ye gads they are horribly large, but the CVE is nasty.  As they are both
cherry-picks I guess we can be reasonably happy with them.  That said
we need to get some proper testing on our arm kit for this kernel when
it hits.

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw




More information about the kernel-team mailing list