linux_dsm_epyc7002/arch/powerpc/kernel
Amanieu d'Antras 3c00cb5e68 signal: fix information leak in copy_siginfo_from_user32
This function can leak kernel stack data when the user siginfo_t has a
positive si_code value.  The top 16 bits of si_code describe which fields
in the siginfo_t union are active, but they are treated inconsistently
between copy_siginfo_from_user32, copy_siginfo_to_user32 and
copy_siginfo_to_user.

copy_siginfo_from_user32 is called from rt_sigqueueinfo and
rt_tgsigqueueinfo in which the user has full control over the top 16 bits
of si_code.

This fixes the following information leaks:
x86:   8 bytes leaked when sending a signal from a 32-bit process to
       itself. This leak grows to 16 bytes if the process uses x32.
       (si_code = __SI_CHLD)
x86:   100 bytes leaked when sending a signal from a 32-bit process to
       a 64-bit process. (si_code = -1)
sparc: 4 bytes leaked when sending a signal from a 32-bit process to a
       64-bit process. (si_code = any)

parisc and s390 have similar bugs, but they are not vulnerable because
rt_[tg]sigqueueinfo have checks that prevent sending a positive si_code
to a different process.  These bugs are also fixed for consistency.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-08-07 04:39:40 +03:00
..
vdso32
vdso64
.gitignore
align.c
asm-offsets.c powerpc/kernel: Rename PACA_DSCR to PACA_DSCR_DEFAULT 2015-06-07 19:29:00 +10:00
audit.c
btext.c
cacheinfo.c powerpc: Fix missing L2 cache size in /sys/devices/system/cpu 2015-04-11 20:49:28 +10:00
cacheinfo.h
compat_audit.c
cpu_setup_6xx.S
cpu_setup_44x.S
cpu_setup_fsl_booke.S
cpu_setup_pa6t.S
cpu_setup_power.S powerpc/book3s: Fix flush_tlb cpu_spec hook to take a generic argument. 2015-03-17 07:52:48 +11:00
cpu_setup_ppc970.S
cputable.c powerpc/tm: Abort syscalls in active transactions 2015-06-19 17:10:28 +10:00
crash_dump.c
crash.c
dbell.c powerpc/powernv: Fixes for hypervisor doorbell handling 2015-03-20 14:51:53 +11:00
dma-iommu.c
dma-swiotlb.c powerpc: fsl_pci, swiotlb: Move controller ops from ppc_md to controller_ops 2015-04-11 20:49:17 +10:00
dma.c powerpc/pci: add dma_set_mask to pci_controller_ops 2015-06-02 13:18:49 +10:00
eeh_cache.c powerpc/eeh: fix start/end/flags type in struct pci_io_addr_range{} 2015-05-13 14:00:07 +10:00
eeh_dev.c powerpc/eeh: Create eeh_dev from pci_dn instead of device_node 2015-03-24 13:15:51 +11:00
eeh_driver.c powerpc/eeh: fix comment for wait_state() 2015-05-13 14:00:07 +10:00
eeh_event.c
eeh_pe.c powerpc/eeh: Fix PE#0 check in eeh_add_to_parent_pe() 2015-03-31 13:10:39 +11:00
eeh_sysfs.c
eeh.c powerpc/eeh/ioda2: Use device::iommu_group to check IOMMU group 2015-06-11 15:14:54 +10:00
entry_32.S powerpc: Remove old compile time disabled syscall tracing code 2015-02-02 14:51:32 +11:00
entry_64.S powerpc/tm: Abort syscalls in active transactions 2015-06-19 17:10:28 +10:00
epapr_hcalls.S
epapr_paravirt.c
exceptions-64e.S
exceptions-64s.S powerpc: Non relocatable system call doesn't need a trampoline 2015-06-02 13:26:47 +10:00
fadump.c
firmware.c
fpu.S
fsl_booke_entry_mapping.S
ftrace.c powerpc updates for 3.19 2014-12-11 17:48:14 -08:00
head_8xx.S powerpc/8xx: Implementation of PAGE_EXEC 2015-06-02 21:37:28 -05:00
head_32.S
head_40x.S
head_44x.S
head_64.S
head_booke.h
head_fsl_booke.S
hw_breakpoint.c
ibmebus.c
idle_6xx.S
idle_book3e.S
idle_e500.S powerpc/e500mc: Remove dead L2 flushing code in idle_e500.S 2015-06-02 21:37:19 -05:00
idle_power4.S
idle_power7.S powerpc/powernv: Fix race in updating core_idle_state 2015-07-07 10:16:52 +10:00
idle.c
io-workarounds.c powerpc/mm/thp: Make page table walk safe against thp split/collapse 2015-04-17 11:23:39 +10:00
io.c
iomap.c
iommu.c powerpc/iommu/powernv: Release replaced TCE 2015-06-11 15:16:49 +10:00
irq.c
isa-bridge.c
jump_label.c
kgdb.c
kprobes.c
kvm_emul.S
kvm.c
l2cr_6xx.S
legacy_serial.c
machine_kexec_32.c
machine_kexec_64.c kexec: add IND_FLAGS macro 2015-02-17 14:34:51 -08:00
machine_kexec.c
Makefile Devicetree changes for v4.2 2015-07-01 19:40:18 -07:00
mce_power.c powerpc/book3s: Fix flush_tlb cpu_spec hook to take a generic argument. 2015-03-17 07:52:48 +11:00
mce.c powerpc/mce: fix off by one errors in mce event handling 2015-05-12 19:44:01 +10:00
misc_32.S
misc_64.S
misc.S
module_32.c
module_64.c
module.c
msi.c powerpc: Remove MSI-related PCI controller ops from ppc_md 2015-06-02 11:47:45 +10:00
nvram_64.c powerpc/rtas: Make timestamp related code y2038-safe 2015-03-23 14:06:11 +11:00
of_platform.c powerpc/eeh: Do probe on pci_dn 2015-03-24 13:15:52 +11:00
paca.c powerpc/kernel: Avoid memory corruption at early stage 2015-01-23 14:02:52 +11:00
pci_32.c
pci_64.c powerpc updates for 3.19 2014-12-11 17:48:14 -08:00
pci_dn.c powerpc/powernv: Shift VF resource with an offset 2015-03-31 13:02:38 +11:00
pci_of_scan.c powerpc: Remove shims for pci_controller_ops operations 2015-04-11 20:49:18 +10:00
pci-common.c powerpc/pci: Add pcibios_disable_device() hook 2015-06-03 13:27:16 +10:00
pci-hotplug.c powerpc/pci: Add release_device() hook to phb ops 2015-06-03 13:27:15 +10:00
pmc.c
ppc32.h
ppc_ksyms_32.c
ppc_ksyms.c
ppc_save_regs.S
proc_powerpc.c
process.c powerpc/kernel: Remove the unused extern dscr_default 2015-06-07 19:27:26 +10:00
prom_init_check.sh
prom_init.c PCI: Remove unnecessary #includes of <asm/pci.h> 2015-06-08 07:56:09 -05:00
prom_parse.c
prom.c arm64 updates for 4.2, mostly refactoring/clean-up: 2015-06-24 10:02:15 -07:00
ptrace32.c
ptrace.c
reloc_32.S
reloc_64.S
rtas_flash.c
rtas_pci.c powerpc: move find_and_init_phbs() to pSeries specific code 2015-04-11 20:49:09 +10:00
rtas-proc.c
rtas-rtc.c
rtas.c powerpc: Replace mem_init_done with slab_is_available() 2015-04-10 20:02:48 +10:00
rtasd.c
setup_32.c
setup_64.c powerpc/mmu: Add userspace-to-physical addresses translation cache 2015-06-11 15:16:54 +10:00
setup-common.c
signal_32.c signal: fix information leak in copy_siginfo_from_user32 2015-08-07 04:39:40 +03:00
signal_64.c all arches, signal: move restart_block to struct task_struct 2015-02-12 18:54:12 -08:00
signal.c
signal.h
smp-tbsync.c
smp.c powerpc/smp: Wait until secondaries are active & online 2015-03-04 13:19:33 +11:00
stacktrace.c
suspend.c
swsusp_32.S
swsusp_64.c
swsusp_asm64.S
swsusp_booke.S
swsusp.c
sys_ppc32.c
syscalls.c powerpc: Add a proper syscall for switching endianness 2015-03-28 22:03:40 +11:00
sysfs.c powerpc/dscr: Add some in-code documentation 2015-06-07 19:29:15 +10:00
systbl_chk.c powerpc: Add a proper syscall for switching endianness 2015-03-28 22:03:40 +11:00
systbl_chk.sh
systbl.S powerpc: Add a proper syscall for switching endianness 2015-03-28 22:03:40 +11:00
tau_6xx.c
time.c powerpc: use device_initcall for registering rtc devices 2015-06-16 14:12:29 -04:00
tm.S powerpc/kernel: Rename PACA_DSCR to PACA_DSCR_DEFAULT 2015-06-07 19:29:00 +10:00
traps.c powerpc: Set the correct kernel taint on machine check errors. 2015-07-06 20:24:35 +10:00
udbg_16550.c
udbg.c powerpc: Remove the celleb support 2015-04-07 17:15:13 +10:00
uprobes.c
vdso.c powerpc/vdso: Disable building the 32-bit VDSO on little endian 2015-05-11 20:01:02 +10:00
vecemu.c
vector.S powerpc: Change vrX register defines to vX to match gcc and glibc 2015-03-16 18:32:11 +11:00
vio.c powerpc: use for_each_sg() 2015-06-24 17:49:38 -07:00
vmlinux.lds.S powerpc: Align TOC to 256 bytes 2015-05-14 16:59:21 +10:00