[Acked] [Precise][CVE-2013-6282][PATCH 0/2] ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS
apw at canonical.com
Thu Nov 28 16:56:22 UTC 2013
On Thu, Nov 28, 2013 at 04:01:51PM +0000, Luis Henriques wrote:
> Following this email, I'm sending 2 patches to fix CVE-2013-6282 in
> - 4e7682d "ARM: 7301/1: Rename the T() macro to TUSER() to avoid namespace conflicts"
> This is just a simple macro rename which isn't really required but
> helps make the actual CVE fix a clean cherry-pick. Although this
> patch is a little bit scary (and huge!), it looks harmless and
> simply does what the title claims: rename T() to TUSER(). But
> hey! My ARM assembly knowledge is very limited to say the least!
> - 8404663 "ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS"
> This is the actual fix for the CVE -- a clean cherry-pick after the
> first patch is applied.
> If people think this is too many changes for fixing this CVE, I can
> try to backport the 2nd patch dropping the 1st one.
> Catalin Marinas (1):
> ARM: 7301/1: Rename the T() macro to TUSER() to avoid namespace
> Russell King (1):
> ARM: 7527/1: uaccess: explicitly check __user pointer when
> arch/arm/include/asm/assembler.h | 12 +++++-
> arch/arm/include/asm/domain.h | 8 ++--
> arch/arm/include/asm/futex.h | 8 ++--
> arch/arm/include/asm/uaccess.h | 56 +++++++++++++++++----------
> arch/arm/lib/getuser.S | 27 ++++++++-----
> arch/arm/lib/putuser.S | 34 ++++++++++-------
> arch/arm/lib/uaccess.S | 82 ++++++++++++++++++++--------------------
> 7 files changed, 131 insertions(+), 96 deletions(-)
Ye gads they are horribly large, but the CVE is nasty. As they are both
cherry-picks I guess we can be reasonably happy with them. That said
we need to get some proper testing on our arm kit for this kernel when
Acked-by: Andy Whitcroft <apw at canonical.com>