From: Greg KH <gregkh@linuxfoundation.org>
To: Jann Horn <jannh@google.com>
Cc: stable@vger.kernel.org
Subject: Re: [PATCH for 4.18.y] x86/dumpstack: Don't dump kernel memory based on usermode RIP
Date: Mon, 3 Sep 2018 18:16:01 +0200
Message-ID: <20180903161601.GA5823@kroah.com>
In-Reply-To: <20180903143248.98687-1-jannh@google.com>

On Mon, Sep 03, 2018 at 04:32:48PM +0200, Jann Horn wrote:
> commit 342db04ae71273322f0011384a9ed414df8bdae4 upstream.
> 
> show_opcodes() is used both for dumping kernel instructions and for dumping
> user instructions. If userspace causes #PF by jumping to a kernel address,
> show_opcodes() can be reached with regs->ip controlled by the user,
> pointing to kernel code. Make sure that userspace can't trick us into
> dumping kernel memory into dmesg.
> 
> Manually backported: show_opcodes() has changed a bit in the meantime.
> I have manually tested the backport.
> 
> Fixes: 7cccf0725cf7 ("x86/dumpstack: Add a show_ip() function")
> Cc: stable@vger.kernel.org
> Link: https://lkml.kernel.org/r/20180828154901.112726-1-jannh@google.com
> Signed-off-by: Jann Horn <jannh@google.com>
> ---
> Since I manually backported this, I have removed all other
> sign-off/reviewed-by lines. I hope that's correct?

Yes, that's fine, but I added them back as this wasn't that different of
a backport :)

Thanks for the patch, now queued up.

greg k-h
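
The condition described in the quoted commit message, as a user-space model added here for illustration; it is not the patch from this thread and not kernel code. All names (`model_regs`, `decide_opcode_dump`, `range_not_user`), the address-space limit, the dump sizes and the sample register values are assumptions or constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed constants for an x86-64, 4-level-paging model (not from the page). */
#define MODEL_USER_LIMIT ((1ULL << 47) - 4096ULL) /* end of user address space */
#define MODEL_PROLOGUE   42ULL                    /* bytes dumped before the IP */
#define MODEL_DUMP_LEN   64ULL                    /* total bytes dumped */

struct model_regs { uint64_t ip; uint16_t cs; };  /* hypothetical, not pt_regs */
enum dump_decision { DUMP_KERNEL_TEXT, DUMP_USER_TEXT, DUMP_REFUSED };

/* The fault came from user mode if the saved CS selector has RPL 3. */
static bool model_user_mode(const struct model_regs *r) { return (r->cs & 3) == 3; }

/* True unless [start, start+len) lies entirely below limit; safe against wrap. */
static bool range_not_user(uint64_t start, uint64_t len, uint64_t limit)
{
    return len > limit || start > limit - len;
}

/* Decide which memory, if any, the opcode dump may read for this register set. */
static enum dump_decision decide_opcode_dump(const struct model_regs *r)
{
    uint64_t start = r->ip - MODEL_PROLOGUE;  /* wraps for tiny ip; caught below */

    if (!model_user_mode(r))
        return DUMP_KERNEL_TEXT;              /* ip came from kernel execution */
    if (range_not_user(start, MODEL_DUMP_LEN, MODEL_USER_LIMIT))
        return DUMP_REFUSED;                  /* user-chosen ip outside user space */
    return DUMP_USER_TEXT;
}

int main(void)
{
    /* Constructed sample register sets. */
    const struct model_regs samples[] = {
        { 0xffffffff81000000ULL, 0x33 },      /* user mode, jumped to kernel address */
        { 0xffffffff81000000ULL, 0x10 },      /* genuine kernel-mode fault */
        { 0x0000000000400000ULL, 0x33 },      /* user mode, user address */
    };
    static const char *const names[] = { "kernel text", "user text", "refused" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("ip=%#llx cs=%#x -> %s\n", (unsigned long long)samples[i].ip,
               (unsigned)samples[i].cs, names[decide_opcode_dump(&samples[i])]);
    return 0;
}
```

The same address yields different decisions depending on the privilege level saved in the registers: the dump is refused only when user mode supplied an instruction pointer outside the user range.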
