Commit 4c981077 authored Jul 25, 2025 by John David Anglin Committed by Greg Kroah-Hartman Aug 28, 2025

parisc: Revise __get_user() to probe user read access



commit 89f686a0 upstream.

Because of the way read access support is implemented, read access
interruptions are only triggered at privilege levels 2 and 3. The
kernel executes at privilege level 0, so __get_user() never triggers
a read access interruption (code 26). Thus, it is currently possible
for user code to access a read protected address via a system call.

Fix this by probing read access rights at privilege level 3 (PRIV_USER)
and setting __gu_err to -EFAULT (-14) if access isn't allowed.

Note the cmpiclr instruction does a 32-bit compare because COND macro
doesn't work inside asm.

Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v5.12+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent d6ac1e11

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit ce2b36d4
· Nov 05, 2025

mentioned in commit ce2b36d4

mentioned in commit ce2b36d4e09680a95a26962f0ddb3edd4bc8ae28

Toggle commit list

Please to comment