DivestOS/Patches/Linux_CVEs/CVE-2016-8483/3.10/1.patch

49 lines
1.7 KiB
Diff
Raw Normal View History

From 7e147f4532394f06c3d7bce9cc6e682785754e45 Mon Sep 17 00:00:00 2001
From: Mohammed Khajapasha <mkhaja@codeaurora.org>
Date: Tue, 28 Jun 2016 11:55:34 +0530
Subject: msm-core: use get_user() API to read userspace data/settings
Currently userspace data is getting accessed directly
and leading to crash, So use get_user() API to copy
userspace data/settings to kernel space.
Change-Id: I3a75ec9503d8207829640bf88e1c3160bf72c9f0
Signed-off-by: Mohammed Khajapasha <mkhaja@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
---
drivers/power/qcom/msm-core.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/power/qcom/msm-core.c b/drivers/power/qcom/msm-core.c
index 406f097..f644950 100644
--- a/drivers/power/qcom/msm-core.c
+++ b/drivers/power/qcom/msm-core.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -441,14 +441,15 @@ static long msm_core_ioctl(struct file *file, unsigned int cmd,
struct sched_params __user *argp = (struct sched_params __user *)arg;
int i, cpu = num_possible_cpus();
int mpidr;
- int cpumask;
+ int cluster, cpumask;
if (!argp)
return -EINVAL;
- mpidr = (argp->cluster << (MAX_CORES_PER_CLUSTER *
+ get_user(cluster, &argp->cluster);
+ mpidr = (cluster << (MAX_CORES_PER_CLUSTER *
MAX_NUM_OF_CLUSTERS));
- cpumask = argp->cpumask;
+ get_user(cpumask, &argp->cpumask);
switch (cmd) {
case EA_LEAKAGE:
--
cgit v1.1