linux/arch/x86/um
Vincent Whitchurch 2a4a62a14b um: Fix out-of-bounds read in LDT setup
syscall_stub_data() expects the data_count parameter to be the number of
longs, not bytes.

 ==================================================================
 BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0
 Read of size 128 at addr 000000006411f6f0 by task swapper/1

 CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18
 Call Trace:
  show_stack.cold+0x166/0x2a7
  __dump_stack+0x3a/0x43
  dump_stack_lvl+0x1f/0x27
  print_report.cold+0xdb/0xf81
  kasan_report+0x119/0x1f0
  kasan_check_range+0x3a3/0x440
  memcpy+0x52/0x140
  syscall_stub_data+0x70/0xe0
  write_ldt_entry+0xac/0x190
  init_new_ldt+0x515/0x960
  init_new_context+0x2c4/0x4d0
  mm_init.constprop.0+0x5ed/0x760
  mm_alloc+0x118/0x170
  0x60033f48
  do_one_initcall+0x1d7/0x860
  0x60003e7b
  kernel_init+0x6e/0x3d4
  new_thread_handler+0x1e7/0x2c0

 The buggy address belongs to stack of task swapper/1
  and is located at offset 64 in frame:
  init_new_ldt+0x0/0x960

 This frame has 2 objects:
  [32, 40) 'addr'
  [64, 80) 'desc'
 ==================================================================

Fixes: 858259cf7d ("uml: maintain own LDT entries")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Cc: stable@vger.kernel.org
Signed-off-by: Richard Weinberger <richard@nod.at>
2022-05-27 09:03:41 +02:00
..
asm um: remove set_fs 2021-12-22 17:56:56 +01:00
os-Linux um: stop polluting the namespace with registers.h contents 2021-12-21 21:31:35 +01:00
shared/sysdep um: Cleanup syscall_handler_t definition/cast, fix warning 2022-03-11 10:48:03 +01:00
vdso kbuild: remove cc-option test of -fno-stack-protector 2020-07-07 11:13:10 +09:00
bugs_32.c
bugs_64.c
checksum_32.S x86: Prepare asm files for straight-line-speculation 2021-12-08 12:25:37 +01:00
delay.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
elfcore.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fault.c
Kconfig Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-04-01 19:57:03 -07:00
ldt.c um: Fix out-of-bounds read in LDT setup 2022-05-27 09:03:41 +02:00
Makefile uml: x86: add FORCE to user_constants.h 2021-12-21 21:13:44 +01:00
mem_32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mem_64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ptrace_32.c um: stop polluting the namespace with registers.h contents 2021-12-21 21:31:35 +01:00
ptrace_64.c um: stop polluting the namespace with registers.h contents 2021-12-21 21:31:35 +01:00
ptrace_user.c
setjmp_32.S x86: Prepare asm files for straight-line-speculation 2021-12-08 12:25:37 +01:00
setjmp_64.S x86: Prepare asm files for straight-line-speculation 2021-12-08 12:25:37 +01:00
signal.c um: stop polluting the namespace with registers.h contents 2021-12-21 21:31:35 +01:00
stub_32.S um: rework userspace stubs to not hard-code stub location 2021-02-12 21:35:02 +01:00
stub_64.S um: rework userspace stubs to not hard-code stub location 2021-02-12 21:35:02 +01:00
stub_segv.c um: fix stub location calculation 2021-08-26 22:28:03 +02:00
sys_call_table_32.c uml: trim unused junk from arch/x86/um/sys_call_table_*.c 2021-12-21 21:30:44 +01:00
sys_call_table_64.c um: move amd64 variant of mmap(2) to arch/x86/um/syscalls_64.c 2021-12-21 21:30:44 +01:00
syscalls_32.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
syscalls_64.c um: Remove duplicated include in syscalls_64.c 2022-03-11 10:41:08 +01:00
sysrq_32.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h> 2017-03-02 08:42:34 +01:00
sysrq_64.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h> 2017-03-02 08:42:34 +01:00
tls_32.c um: Implement copy_thread_tls 2020-01-07 13:31:29 +01:00
tls_64.c um: Implement copy_thread_tls 2020-01-07 13:31:29 +01:00
user-offsets.c um: Allow builds with Clang 2022-03-21 08:13:03 -07:00