All of lore.kernel.org
 help / color / mirror / Atom feed
* Patch "fix minor infoleak in get_user_ex()" has been added to the 4.7-stable tree
@ 2016-09-22 15:43 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-09-22 15:43 UTC (permalink / raw)
  To: viro, gregkh, torvalds, viro; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    fix minor infoleak in get_user_ex()

to the 4.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fix-minor-infoleak-in-get_user_ex.patch
and it can be found in the queue-4.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 1c109fabbd51863475cd12ac206bdd249aee35af Mon Sep 17 00:00:00 2001
From: Al Viro <viro@ZenIV.linux.org.uk>
Date: Thu, 15 Sep 2016 02:35:29 +0100
Subject: fix minor infoleak in get_user_ex()

From: Al Viro <viro@ZenIV.linux.org.uk>

commit 1c109fabbd51863475cd12ac206bdd249aee35af upstream.

get_user_ex(x, ptr) should zero x on failure.  It's not a lot of a leak
(at most we are leaking uninitialized 64bit value off the kernel stack,
and in a fairly constrained situation, at that), but the fix is trivial,
so...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[ This sat in different branch from the uaccess fixes since mid-August ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/include/asm/uaccess.h |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -414,7 +414,11 @@ do {									\
 #define __get_user_asm_ex(x, addr, itype, rtype, ltype)			\
 	asm volatile("1:	mov"itype" %1,%"rtype"0\n"		\
 		     "2:\n"						\
-		     _ASM_EXTABLE_EX(1b, 2b)				\
+		     ".section .fixup,\"ax\"\n"				\
+                     "3:xor"itype" %"rtype"0,%"rtype"0\n"		\
+		     "  jmp 2b\n"					\
+		     ".previous\n"					\
+		     _ASM_EXTABLE_EX(1b, 3b)				\
 		     : ltype(x) : "m" (__m(addr)))
 
 #define __put_user_nocheck(x, ptr, size)			\


Patches currently in stable-queue which might be from viro@ZenIV.linux.org.uk are

queue-4.7/arc-uaccess-get_user-to-zero-out-dest-in-cause-of-fault.patch
queue-4.7/fix-minor-infoleak-in-get_user_ex.patch
queue-4.7/fix-iov_iter_fault_in_readable.patch

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2016-09-22 15:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-22 15:43 Patch "fix minor infoleak in get_user_ex()" has been added to the 4.7-stable tree gregkh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.