lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 16 Dec 2021 17:44:34 -0000
From:   "tip-bot2 for Andrew Cooper" <tip-bot2@...utronix.de>
To:     linux-tip-commits@...r.kernel.org
Cc:     Andrew Cooper <andrew.cooper3@...rix.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        stable@...r.kernel.org, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: [tip: x86/urgent] x86/pkey: Fix undefined behaviour with PKRU_WD_BIT

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     7aa3e3011ef3e0a9c36417eafca7894a028e5df6
Gitweb:        https://git.kernel.org/tip/7aa3e3011ef3e0a9c36417eafca7894a028e5df6
Author:        Andrew Cooper <andrew.cooper3@...rix.com>
AuthorDate:    Thu, 16 Dec 2021 00:08:56 
Committer:     Dave Hansen <dave.hansen@...ux.intel.com>
CommitterDate: Thu, 16 Dec 2021 09:39:40 -08:00

x86/pkey: Fix undefined behaviour with PKRU_WD_BIT

Both __pkru_allows_write() and arch_set_user_pkey_access() shift
PKRU_WD_BIT (a signed constant) by up to 30 bits, hitting the
sign bit.

Use unsigned constants instead.

Clearly pkey 15 has not been used in combination with UBSAN yet.

Noticed by code inspection only.  I can't actually provoke the
compiler into generating incorrect logic as far as this shift is
concerned, so haven't included a fixes tag.

[
  dhansen: add stable@ tag, plus minor changelog massaging,

           For anyone doing backports, these #defines were in
	   arch/x86/include/asm/pgtable.h before 784a46618f6.
]

Fixes: 33a709b25a76 ("mm/gup, x86/mm/pkeys: Check VMAs and PTEs for protection keys")
Signed-off-by: Andrew Cooper <andrew.cooper3@...rix.com>
Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: stable@...r.kernel.org
Link: https://lkml.kernel.org/r/20211216000856.4480-1-andrew.cooper3@citrix.com
---
 arch/x86/include/asm/pkru.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/pkru.h b/arch/x86/include/asm/pkru.h
index 4cd49af..74f0a2d 100644
--- a/arch/x86/include/asm/pkru.h
+++ b/arch/x86/include/asm/pkru.h
@@ -4,8 +4,8 @@
 
 #include <asm/cpufeature.h>
 
-#define PKRU_AD_BIT 0x1
-#define PKRU_WD_BIT 0x2
+#define PKRU_AD_BIT 0x1u
+#define PKRU_WD_BIT 0x2u
 #define PKRU_BITS_PER_PKEY 2
 
 #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ