| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <lsq.1461711744.374453258@decadent.org.uk>
Date: Wed, 27 Apr 2016 01:02:24 +0200
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org, "Helge Deller" <deller@....de>,
"Kees Cook" <keescook@...omium.org>
Subject: [PATCH 3.2 075/115] parisc: Fix kernel crash with reversed
copy_from_user()
3.2.80-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@....de>
commit ef72f3110d8b19f4c098a0bff7ed7d11945e70c6 upstream.
The kernel module testcase (lib/test_user_copy.c) exhibited a kernel
crash on parisc if the parameters for copy_from_user were reversed
("illegal reversed copy_to_user" testcase).
Fix this potential crash by checking the fault handler if the faulting
address is in the exception table.
Signed-off-by: Helge Deller <deller@....de>
Cc: Kees Cook <keescook@...omium.org>
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
arch/parisc/kernel/traps.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
@@ -817,6 +817,9 @@ void notrace handle_interruption(int cod
if (fault_space == 0 && !in_atomic())
{
+ /* Clean up and return if in exception table. */
+ if (fixup_exception(regs))
+ return;
pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
parisc_terminate("Kernel Fault", regs, code, fault_address);
}
Powered by blists - more mailing lists