Linux kernel source tree
Eric W. Biederman 662b831dde signal/ptrace: Don't leak uninitialized kernel memory with PTRACE_PEEK_SIGINFO
[ Upstream commit f6e2aa91a4 ]

Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Inspecting ptrace_peek_siginfo confirms this.

The problem is that off, when initialized from args.off, can be
initialized to a negative value.  At which point the "if (off >= 0)"
test to see if off became negative fails because off started off
negative.

Prevent the core problem by adding a variable found that is only true
if a siginfo is found and copied to a temporary in preparation for
being copied to userspace.

Prevent args.off from being truncated when being assigned to off by
testing that off is <= the maximum possible value of off.  Convert off
to an unsigned long so that we should not have to truncate args.off,
we have well defined overflow behavior so if we add another check we
won't risk fighting undefined compiler behavior, and so that we have a
type whose maximum value is easy to test for.

Cc: Andrei Vagin <avagin@gmail.com>
Cc: stable@vger.kernel.org
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4a ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-06-19 08:18:00 +02:00
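The defect and the fix described in the commit message, modelled in an added C example that is not the kernel's code: a three-entry array stands in for the pending-signal list, `peek_before` mirrors the signed `off` and the `if (off >= 0)` test, and `peek_after` mirrors the `found` flag, the `unsigned long off` and the range check on `args.off`. The `probe` helper, the sentinel value and the sample queue are constructed for the illustration; they seed the output with a value standing in for uninitialized stack memory so that the leak shows up as a returned value.

```c
/* Added model of the ptrace_peek_siginfo off-by-sign bug and its fix.
 * Illustrative code, not the kernel's: a fixed array stands in for the
 * pending-signal list and a sentinel value for uninitialized memory. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QUEUE_LEN 3
/* Constructed sample queue: three "pending signals" identified by number. */
static const int queue[QUEUE_LEN] = { 11, 22, 33 };

/* Before the fix (model of the defect, kept deliberately).
 * off is a signed 32-bit value assigned from the 64-bit user-supplied
 * args.off. The walk stops at the entry where off reaches zero; the
 * "off >= 0" test afterwards is meant to mean "walked past the end".
 * A negative starting off never reaches zero and finishes still negative,
 * so the function reports success while *out keeps its old contents,
 * which in the kernel is uninitialized stack memory that is then copied
 * to userspace. Returns true when the caller would go on to copy *out. */
bool peek_before(int64_t args_off, int *out)
{
    int32_t off = (int32_t)args_off;  /* also truncates the high bits */

    for (size_t i = 0; i < QUEUE_LEN; i++) {
        if (!off--) {
            *out = queue[i];
            break;
        }
    }
    if (off >= 0)                     /* beyond the end of the list */
        return false;
    return true;                      /* also reached when off started < 0 */
}

/* After the fix (model). The three changes named in the commit message:
 *  - reject an args.off that would not survive assignment to off;
 *  - off is unsigned long, so a negative args.off becomes a very large
 *    index the walk never reaches instead of a negative one;
 *  - a 'found' flag, set only when an entry was actually copied into *out,
 *    decides whether anything is copied to userspace. */
bool peek_after(int64_t args_off, int *out)
{
    if ((uint64_t)args_off > ULONG_MAX)  /* would be truncated: reject */
        return false;

    unsigned long off = (unsigned long)args_off;
    bool found = false;

    for (size_t i = 0; i < QUEUE_LEN; i++) {
        if (!off--) {
            found = true;
            *out = queue[i];
            break;
        }
    }
    return found;                     /* copy only what was really filled */
}

/* Check helper (constructed): seeds the output with a sentinel (-99)
 * standing in for uninitialized memory and returns what the caller would
 * copy out, or -1 when the peek reports "nothing more to read". */
int probe(bool (*peek)(int64_t, int *), int64_t args_off)
{
    int out = -99;                    /* sentinel: "uninitialized" */
    return peek(args_off, &out) ? out : -1;
}

int main(void)
{
    printf("before, off=-1: %d (sentinel -99: an uninitialized value would be copied)\n",
           probe(peek_before, -1));
    printf("after,  off=-1: %d (-1: the loop stops, nothing is copied)\n",
           probe(peek_after, -1));
    printf("after,  off=1:  %d (second entry)\n", probe(peek_after, 1));
    return 0;
}
```

The same shape applies to any "walk a list by index, then copy out a temporary" loop: decide whether to copy based on a flag set at the point the temporary is filled, not on arithmetic over the index, and validate user-supplied offsets before they are narrowed to the loop's type.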
arch ARM: exynos: Fix undefined instruction during Exynos5422 resume 2019-06-15 11:54:10 +02:00
block block, bfq: increase idling for weight-raised queues 2019-06-15 11:54:10 +02:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto crypto: ccm - fix incompatibility between "ccm" and "ccm_base" 2019-05-22 07:37:43 +02:00
Documentation tcp: add tcp_min_snd_mss sysctl 2019-06-17 19:51:56 +02:00
drivers libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk 2019-06-19 08:17:59 +02:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs fs/ocfs2: fix race in ocfs2_dentry_attach_lock() 2019-06-19 08:18:00 +02:00
include tcp: add tcp_min_snd_mss sysctl 2019-06-17 19:51:56 +02:00
init initramfs: free initrd memory if opening /initrd.image fails 2019-06-15 11:54:01 +02:00
ipc ipc: prevent lockup on alloc_msg and free_msg 2019-06-15 11:54:00 +02:00
kernel signal/ptrace: Don't leak uninitialized kernel memory with PTRACE_PEEK_SIGINFO 2019-06-19 08:18:00 +02:00
lib test_firmware: Use correct snprintf() limit 2019-06-11 12:20:54 +02:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm mm/vmscan.c: fix trying to reclaim unevictable LRU page 2019-06-19 08:18:00 +02:00
net tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() 2019-06-17 19:51:56 +02:00
samples samples: mei: use /dev/mei0 instead of /dev/mei 2019-02-15 08:10:11 +01:00
scripts gcc-plugins: Fix build failures under Darwin host 2019-06-09 09:17:22 +02:00
security evm: check hash algorithm passed to init_desc() 2019-06-09 09:17:21 +02:00
sound ALSA: firewire-motu: fix destruction of data for isochronous resources 2019-06-19 08:17:59 +02:00
tools objtool: Don't use ignore flag for fake jumps 2019-06-15 11:54:03 +02:00
usr initramfs: move gen_initramfs_list.sh from scripts/ to usr/ 2018-08-22 23:21:44 +09:00
virt KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID 2019-06-09 09:17:18 +02:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS platform/x86: Add Intel AtomISP2 dummy / power-management driver 2019-04-20 09:16:02 +02:00
Makefile Linux 4.19.52 2019-06-17 19:51:57 +02:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.