From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Dan Carpenter <dan.carpenter@oracle.com>,
Peilin Ye <yepeilin.cs@gmail.com>,
"Dmitry V. Levin" <ldv@altlinux.org>,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH 5.10 01/16] ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info()
Date: Sat, 19 Dec 2020 13:57:08 +0100 [thread overview]
Message-ID: <20201219125339.146155309@linuxfoundation.org> (raw)
In-Reply-To: <20201219125339.066340030@linuxfoundation.org>
From: Peilin Ye <yepeilin.cs@gmail.com>
commit 0032ce0f85a269a006e91277be5fdbc05fad8426 upstream.
ptrace_get_syscall_info() is potentially copying uninitialized stack
memory to userspace, since the compiler may leave a 3-byte hole near the
beginning of `info`. Fix it by adding a padding field to `struct
ptrace_syscall_info`.
Fixes: 201766a20e30 ("ptrace: add PTRACE_GET_SYSCALL_INFO request")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200801152044.230416-1-yepeilin.cs@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/uapi/linux/ptrace.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/include/uapi/linux/ptrace.h
+++ b/include/uapi/linux/ptrace.h
@@ -81,7 +81,8 @@ struct seccomp_metadata {
struct ptrace_syscall_info {
__u8 op; /* PTRACE_SYSCALL_INFO_* */
- __u32 arch __attribute__((__aligned__(sizeof(__u32))));
+ __u8 pad[3];
+ __u32 arch;
__u64 instruction_pointer;
__u64 stack_pointer;
union {
next prev parent reply other threads:[~2020-12-19 12:56 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-19 12:57 [PATCH 5.10 00/16] 5.10.2-rc1 review Greg Kroah-Hartman
2020-12-19 12:57 ` Greg Kroah-Hartman [this message]
2020-12-19 12:57 ` [PATCH 5.10 02/16] ktest.pl: If size of log is too big to email, email error message Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 03/16] ktest.pl: Fix the logic for truncating the size of the log file for email Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 04/16] USB: legotower: fix logical error in recent commit Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 05/16] USB: dummy-hcd: Fix uninitialized array use in init() Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 06/16] USB: add RESET_RESUME quirk for Snapscan 1212 Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 07/16] ALSA: usb-audio: Fix potential out-of-bounds shift Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 08/16] ALSA: usb-audio: Fix control access overflow errors from chmap Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 09/16] xhci: Give USB2 ports time to enter U3 in bus suspend Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 10/16] usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 11/16] xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 12/16] xhci-pci: Allow host runtime PM as default for Intel Maple Ridge xHCI Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 13/16] USB: UAS: introduce a quirk to set no_write_same Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 14/16] USB: sisusbvga: Make console support depend on BROKEN Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 15/16] ALSA: pcm: oss: Fix potential out-of-bounds shift Greg Kroah-Hartman
2020-12-19 12:57 ` [PATCH 5.10 16/16] serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access Greg Kroah-Hartman
2020-12-19 21:20 ` [PATCH 5.10 00/16] 5.10.2-rc1 review Jeffrin Jose T
2020-12-19 21:50 ` Guenter Roeck
2020-12-21 12:59 ` Greg Kroah-Hartman
2020-12-20 3:17 ` Naresh Kamboju
2020-12-21 12:59 ` Greg Kroah-Hartman
2020-12-20 13:41 ` Jon Hunter
2020-12-21 13:00 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201219125339.146155309@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=christian.brauner@ubuntu.com \
--cc=dan.carpenter@oracle.com \
--cc=ldv@altlinux.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yepeilin.cs@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.