ACK: [PATCH 0/2] efi_runtime: Don't deref userland addresses
Colin Ian King
colin.king at canonical.com
Tue Oct 21 12:22:55 UTC 2014
On 21/10/14 12:50, Matt Fleming wrote:
> From: Matt Fleming <matt.fleming at intel.com>
>
> We're currently carrying the following patches in the meta-luv layer of
> the Linux UEFI Validation project to fix issues encountered when running
> fwts on Intel hardware with the Supervisor Mode Access Prevention (SMAP)
> feature.
>
> SMAP causes the efi_runtime driver to fault if it directly dereferences
> userland addresses without going through the get_user/put_user()
> accessor functions, e.g. when going through two levels of pointer
> indirection. The idea being that, if the kernel is accessing userland
> addresses directly, it's a potential exploit attempt.
>
> The correct fix is to simply copy structs containing pointers to an
> in-kernel copy and then perform a single level of indirection with the
> usual get_user/put_user() accessors.
>
> Colin King kindly requested that I send these patches out. Sorry for the
> delay in getting these upstream.
>
> Matt Fleming (1):
>   efi_runtime: Don't use get_user() on non-pointer
>
> Pradeep Gaddam (1):
>   efi_runtime: Copied the structure from userland locally in kernel
>     space
>
>  efi_runtime/efi_runtime.c | 50 ++++++++++++++++++++++++++++-------------------
>  1 file changed, 30 insertions(+), 20 deletions(-)
>
Thanks Matt, much appreciated.
Both patches:
Acked-by: Colin Ian King <colin.king at canonical.com>
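
The fix described in the quoted cover letter, modelled in userland C as an added example (it is not part of this thread and not the efi_runtime driver's code). The arena, `uaddr_t`, the `model_copy_*` stand-ins for the kernel accessors, and `struct get_value_arg` are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: "user memory" is an arena and a user address is an offset
 * into it, so the handler cannot dereference it directly. */
typedef uint32_t uaddr_t;
static unsigned char user_mem[256];

static int in_range(uaddr_t a, size_t n)
{
    return a <= sizeof(user_mem) && n <= sizeof(user_mem) - a;
}

/* Stand-ins for copy_from_user()/copy_to_user(): 0 on success, -1 on a
 * bad range (where a kernel caller would return -EFAULT). */
static int model_copy_from_user(void *dst, uaddr_t src, size_t n)
{
    if (!in_range(src, n)) return -1;
    memcpy(dst, user_mem + src, n);
    return 0;
}
static int model_copy_to_user(uaddr_t dst, const void *src, size_t n)
{
    if (!in_range(dst, n)) return -1;
    memcpy(user_mem + dst, src, n);
    return 0;
}

/* Hypothetical ioctl argument: a user struct that itself holds user pointers. */
struct get_value_arg { uaddr_t value; uaddr_t status; };

int handle_get_value(uaddr_t uarg, uint64_t result)
{
    struct get_value_arg karg;  /* in-kernel copy of the user struct */
    uint64_t status = 0;
    /* Level 1: copy the whole struct in; never read fields through uarg. */
    if (model_copy_from_user(&karg, uarg, sizeof(karg))) return -1;
    /* Level 2: one accessor call per embedded user pointer. */
    if (model_copy_to_user(karg.value, &result, sizeof(result))) return -1;
    if (model_copy_to_user(karg.status, &status, sizeof(status))) return -1;
    return 0;
}

/* Constructed caller: "userland" places its argument struct at offset 0. */
int demo(uaddr_t value_addr, uaddr_t status_addr)
{
    struct get_value_arg a = { value_addr, status_addr };
    memset(user_mem, 0xff, sizeof(user_mem));
    memcpy(user_mem, &a, sizeof(a));
    return handle_get_value(0, 0x1234);
}
int main(void) { printf("%d %d\n", demo(64, 72), demo(64, 1000)); return 0; }
```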