parisc: Revise __get_user() to probe user read access - kernel

diff options

author	John David Anglin <[email protected]>	2025-07-25 17:51:32 +0000
committer	Helge Deller <[email protected]>	2025-07-25 20:45:24 +0000
commit	89f686a0fb6e473a876a9a60a13aec67a62b9a7e (patch)
tree	d0aacf428dc247b16ce05b6845fe3e48fa3a1688 /scripts/bpf_doc.py
parent	parisc: Revise gateway LWS calls to probe user read access (diff)
download	kernel-89f686a0fb6e473a876a9a60a13aec67a62b9a7e.tar.gz kernel-89f686a0fb6e473a876a9a60a13aec67a62b9a7e.zip

parisc: Revise __get_user() to probe user read access

Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call. Fix this by probing read access rights at privilege level 3 (PRIV_USER) and setting __gu_err to -EFAULT (-14) if access isn't allowed. Note the cmpiclr instruction does a 32-bit compare because COND macro doesn't work inside asm. Signed-off-by: John David Anglin <[email protected]> Signed-off-by: Helge Deller <[email protected]> Cc: [email protected] # v5.12+

Diffstat (limited to 'scripts/bpf_doc.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: