All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Dan Carpenter <dan.carpenter@oracle.com>,
	Peilin Ye <yepeilin.cs@gmail.com>,
	"Dmitry V. Levin" <ldv@altlinux.org>,
	Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH 5.9 01/49] ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info()
Date: Sat, 19 Dec 2020 13:58:05 +0100	[thread overview]
Message-ID: <20201219125344.739111117@linuxfoundation.org> (raw)
In-Reply-To: <20201219125344.671832095@linuxfoundation.org>

From: Peilin Ye <yepeilin.cs@gmail.com>

commit 0032ce0f85a269a006e91277be5fdbc05fad8426 upstream.

ptrace_get_syscall_info() is potentially copying uninitialized stack
memory to userspace, since the compiler may leave a 3-byte hole near the
beginning of `info`. Fix it by adding a padding field to `struct
ptrace_syscall_info`.

Fixes: 201766a20e30 ("ptrace: add PTRACE_GET_SYSCALL_INFO request")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200801152044.230416-1-yepeilin.cs@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/uapi/linux/ptrace.h |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/include/uapi/linux/ptrace.h
+++ b/include/uapi/linux/ptrace.h
@@ -81,7 +81,8 @@ struct seccomp_metadata {
 
 struct ptrace_syscall_info {
 	__u8 op;	/* PTRACE_SYSCALL_INFO_* */
-	__u32 arch __attribute__((__aligned__(sizeof(__u32))));
+	__u8 pad[3];
+	__u32 arch;
 	__u64 instruction_pointer;
 	__u64 stack_pointer;
 	union {



  reply	other threads:[~2020-12-19 12:58 UTC|newest]

Thread overview: 57+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-19 12:58 [PATCH 5.9 00/49] 5.9.16-rc1 review Greg Kroah-Hartman
2020-12-19 12:58 ` Greg Kroah-Hartman [this message]
2020-12-19 12:58 ` [PATCH 5.9 02/49] net/sched: fq_pie: initialize timer earlier in fq_pie_init() Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 03/49] net: ipa: pass the correct size when freeing DMA memory Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 04/49] ipv4: fix error return code in rtm_to_fib_config() Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 05/49] mac80211: mesh: fix mesh_pathtbl_init() error path Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 06/49] net: bridge: vlan: fix error return code in __vlan_add() Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 07/49] vrf: packets with lladdr src needs dst at input with orig_iif when needs strict Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 08/49] net: mscc: ocelot: fix dropping of unknown IPv4 multicast on Seville Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 09/49] net: hns3: remove a misused pragma packed Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 10/49] udp: fix the proto value passed to ip_protocol_deliver_rcu for the segments Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 11/49] enetc: Fix reporting of h/w packet counters Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 12/49] bridge: Fix a deadlock when enabling multicast snooping Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 13/49] mptcp: print new line in mptcp_seq_show() if mptcp isnt in use Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 14/49] net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux Greg Kroah-Hartman
2020-12-19 21:51   ` Pavel Machek
2020-12-19 22:38     ` Martin Blumenstingl
2020-12-19 23:13       ` Pavel Machek
2020-12-21 14:31         ` Martin Blumenstingl
2020-12-19 12:58 ` [PATCH 5.9 15/49] net: stmmac: start phylink instance before stmmac_hw_setup() Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 16/49] net: stmmac: free tx skb buffer in stmmac_resume() Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 17/49] net: stmmac: delete the eee_ctrl_timer after napi disabled Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 18/49] net: stmmac: overwrite the dma_cap.addr64 according to HW design Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 19/49] net: ll_temac: Fix potential NULL dereference in temac_probe() Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 20/49] tcp: select sane initial rcvq_space.space for big MSS Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 21/49] e1000e: fix S0ix flow to allow S0i3.2 subset entry Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 22/49] ethtool: fix stack overflow in ethnl_parse_bitset() Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 23/49] tcp: fix cwnd-limited bug for TSO deferral where we send nothing Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 24/49] net: flow_offload: Fix memory leak for indirect flow block Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 25/49] net/mlx4_en: Avoid scheduling restart task if it is already running Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 26/49] net/mlx4_en: Handle TX error CQE Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 27/49] net: sched: Fix dump of MPLS_OPT_LSE_LABEL attribute in cls_flower Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 28/49] bonding: fix feature flag setting at init time Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 29/49] ch_ktls: fix build warning for ipv4-only config Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 30/49] lan743x: fix for potential NULL pointer dereference with bare card Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 31/49] net: stmmac: increase the timeout for dma reset Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 32/49] net: tipc: prevent possible null deref of link Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 33/49] ktest.pl: If size of log is too big to email, email error message Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 34/49] ktest.pl: Fix the logic for truncating the size of the log file for email Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 35/49] USB: dummy-hcd: Fix uninitialized array use in init() Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 36/49] USB: add RESET_RESUME quirk for Snapscan 1212 Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 37/49] ALSA: usb-audio: Fix potential out-of-bounds shift Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 38/49] ALSA: usb-audio: Fix control access overflow errors from chmap Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 39/49] xhci: Give USB2 ports time to enter U3 in bus suspend Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 40/49] xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 41/49] xhci-pci: Allow host runtime PM as default for Intel Maple Ridge xHCI Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 42/49] USB: UAS: introduce a quirk to set no_write_same Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 43/49] USB: sisusbvga: Make console support depend on BROKEN Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 44/49] ALSA: pcm: oss: Fix potential out-of-bounds shift Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 45/49] serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 46/49] KVM: mmu: Fix SPTE encoding of MMIO generation upper half Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 47/49] membarrier: Explicitly sync remote cores when SYNC_CORE is requested Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 48/49] x86/resctrl: Remove unused struct mbm_state::chunks_bw Greg Kroah-Hartman
2020-12-19 12:58 ` [PATCH 5.9 49/49] x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled Greg Kroah-Hartman
2020-12-19 21:49 ` [PATCH 5.9 00/49] 5.9.16-rc1 review Guenter Roeck
2020-12-20  3:51 ` Naresh Kamboju
2020-12-20 13:37 ` Jon Hunter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201219125344.739111117@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=christian.brauner@ubuntu.com \
    --cc=dan.carpenter@oracle.com \
    --cc=ldv@altlinux.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=yepeilin.cs@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.