| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Apr 2024 23:02:05 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: syzbot <syzbot+cb76c2983557a07cdb14@...kaller.appspotmail.com>,
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
Kees Cook <keescook@...omium.org>
Subject: Re: [syzbot] [hardening?] [mm?] BUG: bad usercopy in fpa_set
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index c421a899fc84..347611ae762f 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -583,10 +583,15 @@ static int fpa_set(struct task_struct *target,
const void *kbuf, const void __user *ubuf)
{
struct thread_info *thread = task_thread_info(target);
+ const unsigned int pos0 = pos;
+ char buf[sizeof(struct user_fp)];
+ int ret;
- return user_regset_copyin(&pos, &count, &kbuf, &ubuf,
- &thread->fpstate,
- 0, sizeof(struct user_fp));
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+ buf, 0, sizeof(struct user_fp));
+ if (!ret)
+ memcpy(&thread->fpstate, buf, pos - pos0);
+ return ret;
}
#ifdef CONFIG_VFP
Powered by blists - more mailing lists