lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Sep 2017 11:06:32 +0200 (CEST) From: Thomas Gleixner <tglx@...utronix.de> To: Linus Torvalds <torvalds@...ux-foundation.org> cc: LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...nel.org>, "H. Peter Anvin" <hpa@...or.com> Subject: [GIT pull] x86 fixes for 4.13 Linus, please pull the latest x86-urgent-for-linus git tree from: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86-urgent-for-linus This update contains: - Expand the space for uncompressing as the LZ4 worst case does not fit into the currently reserved space. - Validate boot parameters more strictly to prevent out of bound access in the decompressor/boot code. - Fix off by one errors in get_segment_base(). Thanks, tglx ------------------> Dan Carpenter (1): x86/ldt: Fix off by one in get_segment_base() Jan H. Schönherr (2): x86/boot: Provide more slack space during decompression x86/boot: Prevent faulty bootparams.screeninfo from causing harm arch/x86/boot/compressed/misc.c | 3 +-- arch/x86/boot/header.S | 8 +++++++- arch/x86/events/core.c | 7 ++----- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index a0838ab929f2..c14217cd0155 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -116,8 +116,7 @@ void __putstr(const char *s) } } - if (boot_params->screen_info.orig_video_mode == 0 && - lines == 0 && cols == 0) + if (lines == 0 || cols == 0) return; x = boot_params->screen_info.orig_x; diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 2ed8f0c25def..1bb08ecffd24 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -520,8 +520,14 @@ pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr # the description in lib/decompressor_xxx.c for specific information. # # extra_bytes = (uncompressed_size >> 12) + 65536 + 128 +# +# LZ4 is even worse: data that cannot be further compressed grows by 0.4%, +# or one byte per 256 bytes. OTOH, we can safely get rid of the +128 as +# the size-dependent part now grows so fast. +# +# extra_bytes = (uncompressed_size >> 8) + 65536 -#define ZO_z_extra_bytes ((ZO_z_output_len >> 12) + 65536 + 128) +#define ZO_z_extra_bytes ((ZO_z_output_len >> 8) + 65536) #if ZO_z_output_len > ZO_z_input_len # define ZO_z_extract_offset (ZO_z_output_len + ZO_z_extra_bytes - \ ZO_z_input_len) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index af12e294caed..939050169d12 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -2335,12 +2335,9 @@ static unsigned long get_segment_base(unsigned int segment) #ifdef CONFIG_MODIFY_LDT_SYSCALL struct ldt_struct *ldt; - if (idx > LDT_ENTRIES) - return 0; - /* IRQs are off, so this synchronizes with smp_store_release */ ldt = lockless_dereference(current->active_mm->context.ldt); - if (!ldt || idx > ldt->nr_entries) + if (!ldt || idx >= ldt->nr_entries) return 0; desc = &ldt->entries[idx]; @@ -2348,7 +2345,7 @@ static unsigned long get_segment_base(unsigned int segment) return 0; #endif } else { - if (idx > GDT_ENTRIES) + if (idx >= GDT_ENTRIES) return 0; desc = raw_cpu_ptr(gdt_page.gdt) + idx;
Powered by blists - more mailing lists