| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Jun 2020 15:24:57 +0200
From: Heiko Carstens <heiko.carstens@...ibm.com>
To: "Dmitry V. Levin" <ldv@...linux.org>
Cc: Vasily Gorbik <gor@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ibm.com>,
Elvira Khabirova <lineprinter@...linux.org>,
Eugene Syromyatnikov <evgsyr@...il.com>,
linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] s390: fix syscall_get_error for compat processes
On Tue, Jun 02, 2020 at 09:00:51PM +0300, Dmitry V. Levin wrote:
> If both the tracer and the tracee are compat processes, and gprs[2]
> is assigned a value by __poke_user_compat, then the higher 32 bits
> of gprs[2] are cleared, IS_ERR_VALUE() always returns false, and
> syscall_get_error() always returns 0.
>
> Fix the implementation by sign-extending the value for compat processes
> the same way as x86 implementation does.
>
> The bug was exposed to user space by commit 201766a20e30f ("ptrace: add
> PTRACE_GET_SYSCALL_INFO request") and detected by strace test suite.
>
> This change fixes strace syscall tampering on s390.
>
> Fixes: 753c4dd6a2fa2 ("[S390] ptrace changes")
> Cc: Elvira Khabirova <lineprinter@...linux.org>
> Cc: stable@...r.kernel.org # v2.6.28+
> Signed-off-by: Dmitry V. Levin <ldv@...linux.org>
> ---
> arch/s390/include/asm/syscall.h | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
Applied, thank you!
Powered by blists - more mailing lists