diff options
| author | Chen Lifu <[email protected]> | 2022-06-15 09:47:14 +0800 |
|---|---|---|
| committer | Palmer Dabbelt <[email protected]> | 2022-08-10 14:06:31 -0700 |
| commit | c08b4848f596fd95543197463b5162bd7bab2442 (patch) | |
| tree | 2646264133159290bbcf4fda50a370fa37ff0d29 /tools/perf/util/trace-event-scripting.c | |
| parent | 4d1044fcb996e8de9b9ab392f4a767890e45202d (diff) | |
riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit
Since commit 5d8544e2d007 ("RISC-V: Generic library routines and assembly")
and commit ebcbd75e3962 ("riscv: Fix the bug in memory access fixup code"),
if __clear_user and __copy_user return from an fixup branch,
CSR_STATUS SR_SUM bit will be set, it is a vulnerability, so that
S-mode memory accesses to pages that are accessible by U-mode will success.
Disable S-mode access to U-mode memory should clear SR_SUM bit.
Fixes: 5d8544e2d007 ("RISC-V: Generic library routines and assembly")
Fixes: ebcbd75e3962 ("riscv: Fix the bug in memory access fixup code")
Signed-off-by: Chen Lifu <[email protected]>
Reviewed-by: Ben Dooks <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Cc: [email protected]
Signed-off-by: Palmer Dabbelt <[email protected]>
Diffstat (limited to 'tools/perf/util/trace-event-scripting.c')
0 files changed, 0 insertions, 0 deletions