On Tue, Sep 12, 2017 at 11:27 AM, Will Deacon <[email protected]> wrote:
> Hi Kees,
>
> On Thu, Sep 07, 2017 at 08:30:47AM -0700, Kees Cook wrote:
>> From: Thomas Garnier <[email protected]>
>>
>> A bug was reported on ARM where set_fs might be called after it was
>> checked on the work pending function. ARM64 is not affected by this bug
>> but has a similar construct. In order to avoid any similar problems in
>> the future, the addr_limit_user_check function is moved at the beginning
>> of the loop.
>>
>> Fixes: cf7de27ab351 ("arm64/syscalls: Check address limit on user-mode
>> return")
>> Reported-by: Leonard Crestez <[email protected]>
>> Signed-off-by: Thomas Garnier <[email protected]>
>> Signed-off-by: Kees Cook <[email protected]>
>> ---
>> arch/arm64/kernel/signal.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> What's the plan for this series? It looks like somehow an old v2 of the
> original series made it into mainline, so I'd like to see these fixes get
> in ASAP. I'm still slightly nervous about pathological setting of the
> FSCHECK flag due to e.g. a PMU IRQ causing a livelock in do_notify_resume,
> but that's at least less likely with this fix :/
Hi!

I resent this to Ingo to pick up for -tip. I think he's waiting for -rc1, IIUC.

Ingo, can you comment on timing for this getting sent to Linus?

-Kees

--
Kees Cook
Pixel Security