| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Feb 2015 13:43:11 +0000 From: Jamie Garside <jamie.garside@...k.ac.uk> To: linux-kernel@...r.kernel.org Subject: [PATCH] /arch/microblaze/kernel/entry.S kernel 3.14 Fix crash when calling invalid syscall ID There appears to be a couple of bugs in the initial syscall handler on Microblaze when passing an invalid syscall ID. The code at line 351 should check for a syscall ID above __NR_syscalls, then jump to the error exit routine. In this case, _user_exception returns using the wrong register (r15 instead of r14), and doesn't clean up the stack, causing the running user-land to hang. Additionally, it does not cause an error if the syscall ID is negative (as can be returned from do_syscall_trace_enter), causing the kernel to attempt to jump to an invalid syscall handler and cause a kernel oops. This patch adds a check for negative syscall ID, and modifies the error exit to jump to ret_from_trap instead (as would happen after a successful syscall) to perform cleanup, returning -ENOSYS. I believe this should be safe in this condition. This patch has been edited against the Linux 3.14 code, but a glance over the git logs shows this file has not been changed in the past two years, hence this patch should be safe for the most recent kernel version. Thanks, Jamie -- Jamie Garside Department of Computer Science University of York United Kingdom Disclaimer: http://www.york.ac.uk/about/legal-statements/email-disclaimer/ Download attachment "entry.S.patch" of type "application/octet-stream" (1645 bytes) Download attachment "README" of type "application/octet-stream" (98 bytes)
Powered by blists - more mailing lists