summaryrefslogtreecommitdiff
path: root/MAINTAINERS
diff options
context:
space:
mode:
authorDavid Laight <David.Laight@ACULAB.COM>2024-11-24 15:39:00 +0000
committerLinus Torvalds <torvalds@linux-foundation.org>2024-11-25 12:19:05 -0800
commit573f45a9f9a47fed4c7957609689b772121b33d7 (patch)
tree04df07bfaaddc1df21cc9f99179b7c5b7e395ed8 /MAINTAINERS
parent43a43faf5376114161aa684834d24e06da596287 (diff)
downloadlwn-573f45a9f9a47fed4c7957609689b772121b33d7.tar.gz
lwn-573f45a9f9a47fed4c7957609689b772121b33d7.zip
x86: fix off-by-one in access_ok()
When the size isn't a small constant, __access_ok() will call valid_user_address() with the address after the last byte of the user buffer. It is valid for a buffer to end with the last valid user address so valid_user_address() must allow accesses to the base of the guard page. [ This introduces an off-by-one in the other direction for the plain non-sized accesses, but since we have that guard region that is a whole page, those checks "allowing" accesses to that guard region don't really matter. The access will fault anyway, whether to the guard page or if the address has been masked to all ones - Linus ] Fixes: 86e6b1547b3d0 ("x86: fix user address masking non-canonical speculation issue") Signed-off-by: David Laight <david.laight@aculab.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'MAINTAINERS')
0 files changed, 0 insertions, 0 deletions