| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 May 2016 16:47:46 +0200
From: Martin Schwidefsky <schwidefsky@...ibm.com>
To: Michal Hocko <mhocko@...nel.org>
Cc: Oleg Nesterov <oleg@...hat.com>, Aleksa Sarai <asarai@...e.de>,
LKML <linux-kernel@...r.kernel.org>,
Heiko Carstens <heiko.carstens@...ibm.com>,
linux-s390@...r.kernel.org, Ingo Molnar <mingo@...e.hu>,
Thomas Gleixner <tglx@...utronix.de>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org
Subject: Re: [PATCH] s390: fix info leak in do_sigsegv
On Mon, 23 May 2016 15:43:20 +0200
Michal Hocko <mhocko@...nel.org> wrote:
> OK, Martin would prefer a simple patch so here we go.
> ---
> From de1ad037f3181e795ef0e66a61b8fbe1157f66cc Mon Sep 17 00:00:00 2001
> From: Michal Hocko <mhocko@...e.com>
> Date: Mon, 23 May 2016 15:35:51 +0200
> Subject: [PATCH] s390: fix info leak in do_sigsegv
>
> Aleksa has reported incorrect si_errno value when stracing task which
> received SIGSEGV:
> [pid 20799] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_errno=2510266, si_addr=0x100000000000000}
>
> The reason seems to be that do_sigsegv is not initializing siginfo
> structure defined on the stack completely so it will leak 4B of
> the previous stack content. Fix it simply by initializing si_errno
> to 0 (same as do_sigbus does already).
>
> Cc: stable # introduced pre-git times
> Reported-by: Aleksa Sarai <asarai@...e.de>
> Signed-off-by: Michal Hocko <mhocko@...e.com>
> ---
> arch/s390/mm/fault.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
> index 7a3144017301..19288c1b36d3 100644
> --- a/arch/s390/mm/fault.c
> +++ b/arch/s390/mm/fault.c
> @@ -250,6 +250,7 @@ static noinline void do_sigsegv(struct pt_regs *regs, int si_code)
>
> report_user_fault(regs, SIGSEGV, 1);
> si.si_signo = SIGSEGV;
> + si.si_errno = 0;
> si.si_code = si_code;
> si.si_addr = (void __user *)(regs->int_parm_long & __FAIL_ADDR_MASK);
> force_sig_info(SIGSEGV, &si, current);
Applied to linux-s390:fixes. Thanks.
--
blue skies,
Martin.
"Reality continues to ruin my life." - Calvin.
Powered by blists - more mailing lists