| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1649749204-186363-2-git-send-email-dmtrmonakhov@yandex-team.ru>
Date: Tue, 12 Apr 2022 10:40:04 +0300
From: Dmitry Monakhov <dmtrmonakhov@...dex-team.ru>
To: linux-kernel@...r.kernel.org
Cc: x86@...nel.org, mingo@...hat.com,
Dmitry Monakhov <dmtrmonakhov@...dex-team.ru>
Subject: [PATCH 2/2] x86/unwind/orc: Fix address check size for deref_stack_iret_regs
For historical reasons we check only IRET_FRAME_OFFSET, but this check
is no longer valid because we also access regs->sp field which is
located beyond IRET_FRAME, so it is reasonable to validate full structure.
Signed-off-by: Dmitry Monakhov <dmtrmonakhov@...dex-team.ru>
---
arch/x86/kernel/unwind_orc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c
index 80b878772b86..a249ecabe689 100644
--- a/arch/x86/kernel/unwind_orc.c
+++ b/arch/x86/kernel/unwind_orc.c
@@ -379,7 +379,7 @@ static bool deref_stack_iret_regs(struct unwind_state *state, unsigned long addr
{
struct pt_regs *regs = (void *)addr - IRET_FRAME_OFFSET;
- if (!stack_access_ok(state, addr, IRET_FRAME_SIZE))
+ if (!stack_access_ok(state, addr, sizeof(struct pt_regs)))
return false;
*ip = READ_ONCE_NOCHECK(regs->ip);
--
2.7.4
Powered by blists - more mailing lists