CC stable.
This needs picking up for 6.12
Head commit 573f45a9f9a47 applied by Linus with a modified commit message.
David
-----Original Message-----
From: David Laight
Sent: 24 November 2024 15:39
To: 'Linus Torvalds' torvalds@linux-foundation.org; 'Andrew Cooper' andrew.cooper3@citrix.com; 'bp@alien8.de' bp@alien8.de; 'Josh Poimboeuf' jpoimboe@kernel.org
Cc: 'x86@kernel.org' x86@kernel.org; 'linux-kernel@vger.kernel.org' linux-kernel@vger.kernel.org; 'Arnd Bergmann' arnd@kernel.org; 'Mikel Rychliski' mikel@mikelr.com; 'Thomas Gleixner' tglx@linutronix.de; 'Ingo Molnar' mingo@redhat.com; 'Borislav Petkov' bp@alien8.de; 'Dave Hansen' dave.hansen@linux.intel.com; 'H. Peter Anvin' hpa@zytor.com
Subject: [PATCH v2] x86: Allow user accesses to the base of the guard page
__access_ok() calls valid_user_address() with the address after the last byte of the user buffer. It is valid for a buffer to end with the last valid user address so valid_user_address() must allow accesses to the base of the guard page.
Fixes: 86e6b1547b3d0 ("x86: fix user address masking non-canonical speculation issue")
Signed-off-by: David Laight david.laight@aculab.com
v2: Rewritten commit message.
arch/x86/kernel/cpu/common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 06a516f6795b..ca327cfa42ae 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2389,12 +2389,12 @@ void __init arch_cpu_finalize_init(void) alternative_instructions();
if (IS_ENABLED(CONFIG_X86_64)) {
unsigned long USER_PTR_MAX = TASK_SIZE_MAX-1;
unsigned long USER_PTR_MAX = TASK_SIZE_MAX;
/*
- Enable this when LAM is gated on LASS support
if (cpu_feature_enabled(X86_FEATURE_LAM))
USER_PTR_MAX = (1ul << 63) - PAGE_SIZE - 1;
*/ runtime_const_init(ptr, USER_PTR_MAX);USER_PTR_MAX = (1ul << 63) - PAGE_SIZE;
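Review bot: The new initializer `unsigned long USER_PTR_MAX = TASK_SIZE_MAX;` carries no comment explaining why a variable named as a maximum now holds the base of the guard page instead of the last valid user address. The reason is only in the commit message (__access_ok() passes the address after the last byte of the buffer), so a later reader could take the value for an off-by-one and put the `-1` back. Suggest a one-line comment above the declaration stating that the limit is deliberately one past the last valid user byte; the same comment would also cover the matching adjustment to the value in the commented-out LAM block, `(1ul << 63) - PAGE_SIZE`.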
-- 2.17.1
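The boundary case from the commit message, as an added user-space example that is not part of the patch or the kernel source. It assumes 4-level paging values for `PAGE_SIZE` and `TASK_SIZE_MAX` and an inclusive compare in `valid_user_address()`; `model_access_ok()` is a hypothetical stand-in for `__access_ok()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed x86-64 values for 4-level paging; they do not come from the patch. */
#define PAGE_SIZE     UINT64_C(4096)
#define TASK_SIZE_MAX ((UINT64_C(1) << 47) - PAGE_SIZE) /* base of the guard page */

/* Model of valid_user_address(): assumed to be an inclusive compare. */
static bool valid_user_address(uint64_t addr, uint64_t user_ptr_max)
{
    return addr <= user_ptr_max;
}

/*
 * Hypothetical model of the __access_ok() path described in the commit
 * message: the address that gets checked is ptr + size, one past the
 * last byte of the buffer, plus a wrap-around check.
 */
static bool model_access_ok(uint64_t ptr, uint64_t size, uint64_t user_ptr_max)
{
    uint64_t end = ptr + size; /* unsigned, so overflow wraps */
    return valid_user_address(end, user_ptr_max) && end >= ptr;
}

int main(void)
{
    const uint64_t old_max = TASK_SIZE_MAX - 1; /* limit before the patch */
    const uint64_t new_max = TASK_SIZE_MAX;     /* limit after the patch */
    /* Constructed cases: a 16-byte buffer ending at the last user byte,
     * one that runs a byte into the guard page, and one whose end wraps. */
    const struct { const char *name; uint64_t ptr, size; } cases[] = {
        { "ends at last user byte", TASK_SIZE_MAX - 16, 16 },
        { "one byte into guard page", TASK_SIZE_MAX - 16, 17 },
        { "ptr + size wraps", TASK_SIZE_MAX - 16, UINT64_MAX },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-26s old=%d new=%d\n", cases[i].name,
               model_access_ok(cases[i].ptr, cases[i].size, old_max),
               model_access_ok(cases[i].ptr, cases[i].size, new_max));
    return 0;
}
```

Only the first case changes between the two limits: the old value rejects a buffer that ends exactly at the last valid user byte, while both limits still reject an access that reaches into the guard page or wraps.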