| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <163999729659.23020.13602058944330070928.tip-bot2@tip-bot2>
Date: Mon, 20 Dec 2021 10:48:16 -0000
From: "tip-bot2 for Borislav Petkov" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Dan Carpenter <dan.carpenter@...cle.com>,
Borislav Petkov <bp@...e.de>, Tony Luck <tony.luck@...el.com>,
x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [tip: ras/core] x86/mce: Check regs before accessing it
The following commit has been merged into the ras/core branch of tip:
Commit-ID: 1acd85feba81084fcef00b73fc1601e42b77c5d8
Gitweb: https://git.kernel.org/tip/1acd85feba81084fcef00b73fc1601e42b77c5d8
Author: Borislav Petkov <bp@...e.de>
AuthorDate: Fri, 17 Dec 2021 16:49:25 +01:00
Committer: Borislav Petkov <bp@...e.de>
CommitterDate: Mon, 20 Dec 2021 11:41:02 +01:00
x86/mce: Check regs before accessing it
Commit in Fixes accesses pt_regs before checking whether it is NULL or
not. Make sure the NULL pointer check happens first.
Fixes: 0a5b288e85bb ("x86/mce: Prevent severity computation from being instrumented")
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Borislav Petkov <bp@...e.de>
Reviewed-by: Tony Luck <tony.luck@...el.com>
Link: https://lore.kernel.org/r/20211217102029.GA29708@kili
---
arch/x86/kernel/cpu/mce/severity.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c
index a326467..7aa2bda 100644
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -222,6 +222,9 @@ static bool is_copy_from_user(struct pt_regs *regs)
struct insn insn;
int ret;
+ if (!regs)
+ return false;
+
if (copy_from_kernel_nofault(insn_buf, (void *)regs->ip, MAX_INSN_SIZE))
return false;
@@ -283,7 +286,7 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs)
switch (fixup_type) {
case EX_TYPE_UACCESS:
case EX_TYPE_COPY:
- if (!regs || !copy_user)
+ if (!copy_user)
return IN_KERNEL;
m->kflags |= MCE_IN_KERNEL_COPYIN;
fallthrough;
Powered by blists - more mailing lists