lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20211108233501.11516-2-chang.seok.bae@intel.com>
Date:   Mon,  8 Nov 2021 15:35:00 -0800
From:   "Chang S. Bae" <chang.seok.bae@...el.com>
To:     linux-kernel@...r.kernel.org
Cc:     x86@...nel.org, tglx@...utronix.de, dave.hansen@...ux.intel.com,
        bp@...en8.de, mingo@...hat.com, yang.zhong@...el.com,
        jing2.liu@...el.com, chang.seok.bae@...el.com
Subject: [PATCH 1/2] x86/arch_prctl: Fix ARCH_REQ_XCOMP_PERM

ARCH_REQ_XCOMP_PERM is supposed to add the requested feature to the
permission bitmap of thread_group_leader()->fpu. The master permission
field is assumed to be used only instead of each task's fpu->perm field.

But the code updates the current task's bitmap instead of the group
leader's. It also does overwrite the bitmap with the requested feature bit
only rather than adding it.

Fix the code to add the request feature bit to the correct bitmap.

Reported-by: Yang Zhong <yang.zhong@...el.com>
Fixes: db8268df0983 ("x86/arch_prctl: Add controls for dynamic XSTATE components")
Signed-off-by: Chang S. Bae <chang.seok.bae@...el.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: x86@...nel.org
Cc: linux-kernel@...r.kernel.org
---
 arch/x86/kernel/fpu/xstate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index d28829403ed0..f02c999049c8 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1626,7 +1626,7 @@ static int __xstate_request_perm(u64 permitted, u64 requested)
 		return ret;
 
 	/* Pairs with the READ_ONCE() in xstate_get_group_perm() */
-	WRITE_ONCE(fpu->perm.__state_perm, requested);
+	WRITE_ONCE(current->group_leader->thread.fpu.perm.__state_perm, mask);
 	/* Protected by sighand lock */
 	fpu->perm.__state_size = ksize;
 	fpu->perm.__user_state_size = usize;
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ