lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 6 Nov 2008 11:52:13 +1100
From:	Paul Mackerras <paulus@...ba.org>
To:	Andreas Schwab <schwab@...e.de>
Cc:	linuxppc-dev@...abs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Fix msr check in compat_sys_swapcontext

Andreas Schwab writes:

> The new context may not be 16-byte aligned, so the real address of the
> mcontext structure should be read from the uc_regs pointer instead of
> directly using the (unaligned) uc_mcontext field.

Good catch, but...

> @@ -941,9 +941,17 @@ long sys_swapcontext(struct ucontext __user *old_ctx,
>  #ifdef CONFIG_PPC64
>  	unsigned long new_msr = 0;
>  
> -	if (new_ctx &&
> -	    get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR]))
> -		return -EFAULT;
> +	if (new_ctx) {
> +		struct mcontext __user *mcp;
> +		u32 cmcp;
> +
> +		/* Get pointer to the real mcontext. */
> +		if (__get_user(cmcp, &new_ctx->uc_regs))

we need to use get_user, not __get_user, since we haven't done an
access_ok() check on the address.

> +			return -EFAULT;
> +		mcp = (struct mcontext __user *)(u64)cmcp;
> +		if (__get_user(new_msr, &mcp->mc_gregs[PT_MSR]))

ditto here.

Paul.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ