From: Ralf Baechle <ralf@linux-mips.org>
To: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org, stable@vger.kernel.org
Subject: Re: [PATCH] MIPS: prevent user from setting FCSR cause bits
Date: Wed, 30 Jul 2014 19:34:47 +0200
Message-ID: <20140730173446.GB27790@linux-mips.org>
In-Reply-To: <1406035281-693-1-git-send-email-paul.burton@imgtec.com>
On Tue, Jul 22, 2014 at 02:21:21PM +0100, Paul Burton wrote:
> If one or more matching FCSR cause & enable bits are set in saved thread
> context then when that context is restored the kernel will take an FP
> exception. This is of course undesirable and considered an oops, leading
> to the kernel writing a backtrace to the console and potentially
> rebooting depending upon the configuration. Thus the kernel avoids this
> situation by clearing the cause bits of the FCSR register when handling
> FP exceptions and after emulating FP instructions.
>
> However the kernel does not prevent userland from setting arbitrary FCSR
> cause & enable bits via ptrace, using either the PTRACE_POKEUSR or
> PTRACE_SETFPREGS requests. This means userland can trivially cause the
> kernel to oops on any system with an FPU. Prevent this from happening
> by clearing the cause bits when writing to the saved FCSR context via
> ptrace.
>
> This problem appears to exist at least back to the beginning of the git
> era in the PTRACE_POKEUSR case.
Good catch - but I think something like UML on a more proper fix. However,
until then I'm going to apply this.
Ralf
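As an added illustration of the condition the quoted message describes (this is not code from the patch or from the kernel, and the function names are mine): a user-space model of when a restored FCSR traps and of the masking the fix applies to a ptrace-supplied value. The mask constants follow the MIPS FCSR bit layout, which is also what the kernel's FPU_CSR_ALL_X / FPU_CSR_ALL_E / FPU_CSR_UNI_X macros encode; the sample "poke" values are constructed, not captured from a real system.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * MIPS FCSR bit layout (same numeric values as the kernel's
 * FPU_CSR_ALL_X / FPU_CSR_ALL_E / FPU_CSR_UNI_X macros):
 *
 *   bits 17..12  Cause  bits  E V Z O U I   (E = unimplemented operation)
 *   bits 11..7   Enable bits    V Z O U I
 *   bits  6..2   Flag   bits    V Z O U I
 *   bits  1..0   Rounding mode
 */
#define FCSR_CAUSE_MASK    0x0003f000u
#define FCSR_CAUSE_UNIMPL  0x00020000u
#define FCSR_ENABLE_MASK   0x00000f80u
#define FCSR_CAUSE_SHIFT   12
#define FCSR_ENABLE_SHIFT  7
#define FCSR_FIELD_5BITS   0x1fu

/*
 * Would restoring this FCSR value (CTC1 to control register 31) take a
 * floating point exception?  The architecture traps when the E
 * (unimplemented) cause bit is set, or when any other cause bit has its
 * matching enable bit set.  In the situation the message describes that
 * exception fires in kernel mode while the thread's context is being
 * restored, which is the oops.
 */
bool fcsr_restore_traps(uint32_t fcsr)
{
    uint32_t cause  = (fcsr & FCSR_CAUSE_MASK)  >> FCSR_CAUSE_SHIFT;
    uint32_t enable = (fcsr & FCSR_ENABLE_MASK) >> FCSR_ENABLE_SHIFT;

    if (fcsr & FCSR_CAUSE_UNIMPL)
        return true;
    /* V Z O U I occupy the same five positions in both fields */
    return ((cause & FCSR_FIELD_5BITS) & enable) != 0;
}

/*
 * Model of the fix: a value supplied through PTRACE_POKEUSR or
 * PTRACE_SETFPREGS keeps its enables, sticky flags and rounding mode,
 * but the cause bits are dropped before it reaches the saved context.
 * (Hypothetical name; the kernel's own code is not shown on this page.)
 */
uint32_t fcsr_sanitize_for_ptrace(uint32_t fcsr)
{
    return fcsr & ~FCSR_CAUSE_MASK;
}

/* Constructed tracer-supplied values, not captured from a real system. */
static const uint32_t sample_pokes[] = {
    0x00010800u, /* cause V + enable V: traps on restore */
    0x00020000u, /* cause E alone: traps regardless of enables */
    0x00001000u, /* cause I, no enable: would not trap, still dropped */
    0x00000f83u, /* all enables + rounding mode: legitimate value */
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample_pokes / sizeof sample_pokes[0]; i++) {
        uint32_t raw  = sample_pokes[i];
        uint32_t safe = fcsr_sanitize_for_ptrace(raw);
        printf("poke 0x%08x: unsanitized %s, sanitized 0x%08x %s\n",
               raw,  fcsr_restore_traps(raw)  ? "TRAPS" : "ok",
               safe, fcsr_restore_traps(safe) ? "TRAPS" : "ok");
    }
    return 0;
}
```

The point of the model is the asymmetry the message relies on: the tracer may legitimately set enable bits (a debugger turning on FP traps for the tracee), so only the cause field can be dropped unconditionally; a value with a cause bit but no matching enable would not trap, yet clearing it anyway is harmless because the kernel already clears cause bits after every FP exception it handles. This does not exercise ptrace itself and does not reproduce the oops; it only shows which values the pre-fix code would have accepted.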
Thread overview:
2014-07-22 13:21 [PATCH] MIPS: prevent user from setting FCSR cause bits Paul Burton
2014-07-30 17:34 ` Ralf Baechle [this message]
2014-07-30 17:39 ` Paul Burton
2014-07-31 7:19 ` Ralf Baechle
2014-07-30 17:53 ` Maciej W. Rozycki