Message-Id: <163369938390.3568929.9026666512859787724.b4-ty@ellerman.id.au>
Date: Sat, 09 Oct 2021 00:23:03 +1100
From: Michael Ellerman <patch-notifications@...erman.id.au>
To: Paul Mackerras <paulus@...ba.org>,
Michael Ellerman <mpe@...erman.id.au>,
Christophe Leroy <christophe.leroy@...roup.eu>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>
Cc: Finn Thain <fthain@...ux-m68k.org>, linuxppc-dev@...ts.ozlabs.org,
linux-kernel@...r.kernel.org, Stan Johnson <userm57@...oo.com>
Subject: Re: [PATCH] powerpc/32s: Fix kuap_kernel_restore()

On Wed, 15 Sep 2021 16:12:24 +0200, Christophe Leroy wrote:
> At interrupt exit, kuap_kernel_restore() calls kuap_unlock() with the
> value contained in regs->kuap. However, when regs->kuap contains
> 0xffffffff it means that KUAP was not unlocked so calling
> kuap_unlock() is irrelevant and results in jeopardising the contents
> of kernel space segment registers.
>
> So check that regs->kuap doesn't contain KUAP_NONE before calling
> kuap_unlock(). In the meantime it also means that if KUAP has not
> been correctly locked back at interrupt exit, it must be locked
> before continuing. This is done by checking the content of
> current->thread.kuap which was returned by kuap_get_and_assert_locked()
>
> [...]

Applied to powerpc/fixes.

[1/1] powerpc/32s: Fix kuap_kernel_restore()
      https://git.kernel.org/powerpc/c/d93f9e23744b7bf11a98b2ddb091d129482ae179

cheers