f6e2aa91a46d2 ("signal/ptrace: Don't leak unitialized kernel memory with
PTRACE_PEEK_SIGINFO") had an issue with the backport to 4.4-4.19 where
part of the patch was missing, causing test failures. Restore that part.
Signed-off-by: Sasha Levin <sashal@kernel.org>
-From f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 Mon Sep 17 00:00:00 2001
+From a04231ebb7dc871253a847ac7cad335a132f8f6f Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 28 May 2019 18:46:37 -0500
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 28 May 2019 18:46:37 -0500
-Subject: signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
+Subject: [PATCH] signal/ptrace: Don't leak unitialized kernel memory with
+ PTRACE_PEEK_SIGINFO
-From: Eric W. Biederman <ebiederm@xmission.com>
-
-commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream.
+[ Upstream commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 ]
Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
+Signed-off-by: Sasha Levin <sashal@kernel.org>
- kernel/ptrace.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
+ kernel/ptrace.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index f1c85b6c39ae..f6b452e3c204 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -704,6 +704,10 @@ static int ptrace_peek_siginfo(struct ta
+@@ -704,6 +704,10 @@ static int ptrace_peek_siginfo(struct task_struct *child,
if (arg.nr < 0)
return -EINVAL;
if (arg.nr < 0)
return -EINVAL;
if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
pending = &child->signal->shared_pending;
else
if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
pending = &child->signal->shared_pending;
else
-@@ -711,7 +715,8 @@ static int ptrace_peek_siginfo(struct ta
+@@ -711,18 +715,20 @@ static int ptrace_peek_siginfo(struct task_struct *child,
for (i = 0; i < arg.nr; ) {
siginfo_t info;
for (i = 0; i < arg.nr; ) {
siginfo_t info;
spin_lock_irq(&child->sighand->siglock);
list_for_each_entry(q, &pending->list, list) {
spin_lock_irq(&child->sighand->siglock);
list_for_each_entry(q, &pending->list, list) {
-@@ -722,7 +727,7 @@ static int ptrace_peek_siginfo(struct ta
+ if (!off--) {
++ found = true;
+ copy_siginfo(&info, &q->info);
+ break;
+ }
}
spin_unlock_irq(&child->sighand->siglock);
}
spin_unlock_irq(&child->sighand->siglock);
break;
#ifdef CONFIG_COMPAT
break;
#ifdef CONFIG_COMPAT
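Review bot: `siginfo_t info;` at the top of the loop body still has no initializer, so with `found = true;` restored inside `if (!off--)` the flag is the only thing that separates a filled `info` from uninitialized stack contents when the list walk ends without a match. The test that consumes the flag after `spin_unlock_irq()` is not visible in this section (presumably `if (!found)` ahead of the `break;`), so it is worth confirming that each queued patch carries all three pieces: the declaration of `found`, this assignment and the test. A short comment on the restored line would make the dependency harder to drop again in a later backport, e.g. `/* info is valid only when found is set; never copy it out otherwise */`. The same applies to the other three patch sections on this page, and `ptrace_peek_siginfo()` itself starts and ends outside the hunk.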
-From f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 Mon Sep 17 00:00:00 2001
+From b42cadd7f67048abe889c22d5f4440128fb1b67b Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 28 May 2019 18:46:37 -0500
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 28 May 2019 18:46:37 -0500
-Subject: signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
+Subject: [PATCH] signal/ptrace: Don't leak unitialized kernel memory with
+ PTRACE_PEEK_SIGINFO
-From: Eric W. Biederman <ebiederm@xmission.com>
-
-commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream.
+[ Upstream commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 ]
Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
+Signed-off-by: Sasha Levin <sashal@kernel.org>
- kernel/ptrace.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
+ kernel/ptrace.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index fc0d667f5792..ed33066a9736 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -704,6 +704,10 @@ static int ptrace_peek_siginfo(struct ta
+@@ -704,6 +704,10 @@ static int ptrace_peek_siginfo(struct task_struct *child,
if (arg.nr < 0)
return -EINVAL;
if (arg.nr < 0)
return -EINVAL;
if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
pending = &child->signal->shared_pending;
else
if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
pending = &child->signal->shared_pending;
else
-@@ -711,7 +715,8 @@ static int ptrace_peek_siginfo(struct ta
+@@ -711,18 +715,20 @@ static int ptrace_peek_siginfo(struct task_struct *child,
for (i = 0; i < arg.nr; ) {
siginfo_t info;
for (i = 0; i < arg.nr; ) {
siginfo_t info;
spin_lock_irq(&child->sighand->siglock);
list_for_each_entry(q, &pending->list, list) {
spin_lock_irq(&child->sighand->siglock);
list_for_each_entry(q, &pending->list, list) {
-@@ -722,7 +727,7 @@ static int ptrace_peek_siginfo(struct ta
+ if (!off--) {
++ found = true;
+ copy_siginfo(&info, &q->info);
+ break;
+ }
}
spin_unlock_irq(&child->sighand->siglock);
}
spin_unlock_irq(&child->sighand->siglock);
break;
#ifdef CONFIG_COMPAT
break;
#ifdef CONFIG_COMPAT
-From f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 Mon Sep 17 00:00:00 2001
+From 2fa64d49f16526bad6764072816e6988d58eacc4 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 28 May 2019 18:46:37 -0500
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 28 May 2019 18:46:37 -0500
-Subject: signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
+Subject: [PATCH] signal/ptrace: Don't leak unitialized kernel memory with
+ PTRACE_PEEK_SIGINFO
-From: Eric W. Biederman <ebiederm@xmission.com>
-
-commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream.
+[ Upstream commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 ]
Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
+Signed-off-by: Sasha Levin <sashal@kernel.org>
- kernel/ptrace.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
+ kernel/ptrace.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index 8303874c2a06..bb6db489833f 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -673,6 +673,10 @@ static int ptrace_peek_siginfo(struct ta
+@@ -673,6 +673,10 @@ static int ptrace_peek_siginfo(struct task_struct *child,
if (arg.nr < 0)
return -EINVAL;
if (arg.nr < 0)
return -EINVAL;
if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
pending = &child->signal->shared_pending;
else
if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
pending = &child->signal->shared_pending;
else
-@@ -680,7 +684,8 @@ static int ptrace_peek_siginfo(struct ta
+@@ -680,18 +684,20 @@ static int ptrace_peek_siginfo(struct task_struct *child,
for (i = 0; i < arg.nr; ) {
siginfo_t info;
for (i = 0; i < arg.nr; ) {
siginfo_t info;
spin_lock_irq(&child->sighand->siglock);
list_for_each_entry(q, &pending->list, list) {
spin_lock_irq(&child->sighand->siglock);
list_for_each_entry(q, &pending->list, list) {
-@@ -691,7 +696,7 @@ static int ptrace_peek_siginfo(struct ta
+ if (!off--) {
++ found = true;
+ copy_siginfo(&info, &q->info);
+ break;
+ }
}
spin_unlock_irq(&child->sighand->siglock);
}
spin_unlock_irq(&child->sighand->siglock);
break;
#ifdef CONFIG_COMPAT
break;
#ifdef CONFIG_COMPAT
-From f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 Mon Sep 17 00:00:00 2001
+From 39b103390f376649e14abf4ea559c223085fcd81 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 28 May 2019 18:46:37 -0500
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Tue, 28 May 2019 18:46:37 -0500
-Subject: signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
+Subject: [PATCH] signal/ptrace: Don't leak unitialized kernel memory with
+ PTRACE_PEEK_SIGINFO
-From: Eric W. Biederman <ebiederm@xmission.com>
-
-commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream.
+[ Upstream commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 ]
Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Recently syzbot in conjunction with KMSAN reported that
ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
+Signed-off-by: Sasha Levin <sashal@kernel.org>
- kernel/ptrace.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
+ kernel/ptrace.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index efba851ee018..df06d2fcbb92 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -710,6 +710,10 @@ static int ptrace_peek_siginfo(struct ta
+@@ -710,6 +710,10 @@ static int ptrace_peek_siginfo(struct task_struct *child,
if (arg.nr < 0)
return -EINVAL;
if (arg.nr < 0)
return -EINVAL;
if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
pending = &child->signal->shared_pending;
else
if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
pending = &child->signal->shared_pending;
else
-@@ -717,7 +721,8 @@ static int ptrace_peek_siginfo(struct ta
+@@ -717,18 +721,20 @@ static int ptrace_peek_siginfo(struct task_struct *child,
for (i = 0; i < arg.nr; ) {
siginfo_t info;
for (i = 0; i < arg.nr; ) {
siginfo_t info;
spin_lock_irq(&child->sighand->siglock);
list_for_each_entry(q, &pending->list, list) {
spin_lock_irq(&child->sighand->siglock);
list_for_each_entry(q, &pending->list, list) {
-@@ -728,7 +733,7 @@ static int ptrace_peek_siginfo(struct ta
+ if (!off--) {
++ found = true;
+ copy_siginfo(&info, &q->info);
+ break;
+ }
}
spin_unlock_irq(&child->sighand->siglock);
}
spin_unlock_irq(&child->sighand->siglock);
break;
#ifdef CONFIG_COMPAT
break;
#ifdef CONFIG_COMPAT