| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tip-98c0fad9d60e8b2cd47e15b7bee7df343648f5bb@git.kernel.org>
Date: Tue, 26 Sep 2017 01:37:29 -0700
From: tip-bot for Eric Biggers <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: mingo@...nel.org, haokexin@...il.com, peterz@...radead.org,
linux-kernel@...r.kernel.org, riel@...hat.com,
keescook@...omium.org, ebiggers3@...il.com, mhalcrow@...gle.com,
fenghua.yu@...el.com, luto@...capital.net, yu-cheng.yu@...el.com,
luto@...nel.org, ebiggers@...gle.com, tglx@...utronix.de,
oleg@...hat.com, dvyukov@...gle.com, hpa@...or.com,
dave.hansen@...ux.intel.com, wanpeng.li@...mail.com, bp@...en8.de,
torvalds@...ux-foundation.org, akpm@...ux-foundation.org
Subject: [tip:x86/fpu] x86/fpu: Use validate_xstate_header() to validate the
xstate_header in copy_user_to_xstate()
Commit-ID: 98c0fad9d60e8b2cd47e15b7bee7df343648f5bb
Gitweb: http://git.kernel.org/tip/98c0fad9d60e8b2cd47e15b7bee7df343648f5bb
Author: Eric Biggers <ebiggers@...gle.com>
AuthorDate: Sun, 24 Sep 2017 12:59:12 +0200
Committer: Ingo Molnar <mingo@...nel.org>
CommitDate: Tue, 26 Sep 2017 09:43:48 +0200
x86/fpu: Use validate_xstate_header() to validate the xstate_header in copy_user_to_xstate()
Tighten the checks in copy_user_to_xstate().
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Andy Lutomirski <luto@...capital.net>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Eric Biggers <ebiggers3@...il.com>
Cc: Fenghua Yu <fenghua.yu@...el.com>
Cc: Kees Cook <keescook@...omium.org>
Cc: Kevin Hao <haokexin@...il.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Michael Halcrow <mhalcrow@...gle.com>
Cc: Oleg Nesterov <oleg@...hat.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Rik van Riel <riel@...hat.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Wanpeng Li <wanpeng.li@...mail.com>
Cc: Yu-cheng Yu <yu-cheng.yu@...el.com>
Cc: kernel-hardening@...ts.openwall.com
Link: http://lkml.kernel.org/r/20170924105913.9157-10-mingo@kernel.org
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
arch/x86/kernel/fpu/xstate.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index b6d78b7..f1d5476 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1188,16 +1188,15 @@ int copy_kernel_to_xstate(struct xregs_state *xsave, const void *kbuf)
}
/*
- * Convert from a ptrace standard-format user-space buffer to kernel XSAVES format
- * and copy to the target thread. This is called from xstateregs_set() and
- * there we check the CPU has XSAVES and a whole standard-sized buffer
- * exists.
+ * Convert from a ptrace or sigreturn standard-format user-space buffer to
+ * kernel XSAVES format and copy to the target thread. This is called from
+ * xstateregs_set(), as well as potentially from the sigreturn() and
+ * rt_sigreturn() system calls.
*/
int copy_user_to_xstate(struct xregs_state *xsave, const void __user *ubuf)
{
unsigned int offset, size;
int i;
- u64 allowed_features;
struct xstate_header hdr;
offset = offsetof(struct xregs_state, header);
@@ -1206,12 +1205,7 @@ int copy_user_to_xstate(struct xregs_state *xsave, const void __user *ubuf)
if (__copy_from_user(&hdr, ubuf + offset, size))
return -EFAULT;
- /*
- * Reject if the user sets any disabled or supervisor features:
- */
- allowed_features = xfeatures_mask & ~XFEATURE_MASK_SUPERVISOR;
-
- if (hdr.xfeatures & ~allowed_features)
+ if (validate_xstate_header(&hdr))
return -EINVAL;
for (i = 0; i < XFEATURE_MAX; i++) {
Powered by blists - more mailing lists