From 0fc36df87bf5b34faa9df009f2f10256f03b2621 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Mon, 17 Jun 2019 10:05:45 -0400 Subject: [PATCH] Fix up backported ptrace patch f6e2aa91a46d2 ("signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO") had an issue with the backport to 4.4-4.19 where part of the patch was missing, causing test failures. Restore that part. Signed-off-by: Sasha Levin --- ...rnel-memory-with-ptrace_peek_siginfo.patch | 31 ++++++++++++------- ...rnel-memory-with-ptrace_peek_siginfo.patch | 31 ++++++++++++------- ...rnel-memory-with-ptrace_peek_siginfo.patch | 31 ++++++++++++------- ...rnel-memory-with-ptrace_peek_siginfo.patch | 31 ++++++++++++------- 4 files changed, 76 insertions(+), 48 deletions(-) diff --git a/queue-4.14/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch b/queue-4.14/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch index add3d21b3f8..a0f0760a734 100644 --- a/queue-4.14/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch +++ b/queue-4.14/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch @@ -1,11 +1,10 @@ -From f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 Mon Sep 17 00:00:00 2001 +From a04231ebb7dc871253a847ac7cad335a132f8f6f Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 28 May 2019 18:46:37 -0500 -Subject: signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO +Subject: [PATCH] signal/ptrace: Don't leak unitialized kernel memory with + PTRACE_PEEK_SIGINFO -From: Eric W. Biederman - -commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream. +[ Upstream commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 ] Recently syzbot in conjunction with KMSAN reported that ptrace_peek_siginfo can copy an uninitialized siginfo to userspace. 
@@ -32,15 +31,16 @@ Cc: stable@vger.kernel.org Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)") Signed-off-by: "Eric W. Biederman" -Signed-off-by: Greg Kroah-Hartman - +Signed-off-by: Sasha Levin --- - kernel/ptrace.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) + kernel/ptrace.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) +diff --git a/kernel/ptrace.c b/kernel/ptrace.c +index f1c85b6c39ae..f6b452e3c204 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -704,6 +704,10 @@ static int ptrace_peek_siginfo(struct ta +@@ -704,6 +704,10 @@ static int ptrace_peek_siginfo(struct task_struct *child, if (arg.nr < 0) return -EINVAL; @@ -51,7 +51,7 @@ Signed-off-by: Greg Kroah-Hartman if (arg.flags & PTRACE_PEEKSIGINFO_SHARED) pending = &child->signal->shared_pending; else -@@ -711,7 +715,8 @@ static int ptrace_peek_siginfo(struct ta +@@ -711,18 +715,20 @@ static int ptrace_peek_siginfo(struct task_struct *child, for (i = 0; i < arg.nr; ) { siginfo_t info; @@ -61,7 +61,11 @@ Signed-off-by: Greg Kroah-Hartman spin_lock_irq(&child->sighand->siglock); list_for_each_entry(q, &pending->list, list) { -@@ -722,7 +727,7 @@ static int ptrace_peek_siginfo(struct ta + if (!off--) { ++ found = true; + copy_siginfo(&info, &q->info); + break; + } } spin_unlock_irq(&child->sighand->siglock); @@ -70,3 +74,6 @@ Signed-off-by: Greg Kroah-Hartman break; #ifdef CONFIG_COMPAT +-- +2.20.1 + diff --git a/queue-4.19/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch b/queue-4.19/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch index add3d21b3f8..3c82625ad32 100644 --- a/queue-4.19/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch +++ b/queue-4.19/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch 
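Review bot: The commit message says only that "part of the patch was missing" and never names the dropped line, which the `@@ -61,7 +61,11 @@` hunk of the queue-4.14 patch shows to be `found = true;` inside the `if (!off--)` branch of the list walk. For a fix to an uninitialized-memory disclosure it is worth recording which way the broken backport failed. With the flag never set, the later check on `found` (outside this hunk, so inferred) would presumably end the loop before `info` is copied out, so the interim state returned no siginfo entries rather than reintroducing the leak. I would add a sentence such as `The dropped line was the "found = true;" assignment; without it PTRACE_PEEKSIGINFO reports no queued signals.` and name the failing test. The same restored line appears in the queue-4.19, queue-4.4 and queue-4.9 patches, and the body of ptrace_peek_siginfo starts and ends outside the hunk.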
@@ -1,11 +1,10 @@ -From f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 Mon Sep 17 00:00:00 2001 +From b42cadd7f67048abe889c22d5f4440128fb1b67b Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 28 May 2019 18:46:37 -0500 -Subject: signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO +Subject: [PATCH] signal/ptrace: Don't leak unitialized kernel memory with + PTRACE_PEEK_SIGINFO -From: Eric W. Biederman - -commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream. +[ Upstream commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 ] Recently syzbot in conjunction with KMSAN reported that ptrace_peek_siginfo can copy an uninitialized siginfo to userspace. @@ -32,15 +31,16 @@ Cc: stable@vger.kernel.org Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)") Signed-off-by: "Eric W. Biederman" -Signed-off-by: Greg Kroah-Hartman - +Signed-off-by: Sasha Levin --- - kernel/ptrace.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) + kernel/ptrace.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) +diff --git a/kernel/ptrace.c b/kernel/ptrace.c +index fc0d667f5792..ed33066a9736 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -704,6 +704,10 @@ static int ptrace_peek_siginfo(struct ta +@@ -704,6 +704,10 @@ static int ptrace_peek_siginfo(struct task_struct *child, if (arg.nr < 0) return -EINVAL; @@ -51,7 +51,7 @@ Signed-off-by: Greg Kroah-Hartman if (arg.flags & PTRACE_PEEKSIGINFO_SHARED) pending = &child->signal->shared_pending; else -@@ -711,7 +715,8 @@ static int ptrace_peek_siginfo(struct ta +@@ -711,18 +715,20 @@ static int ptrace_peek_siginfo(struct task_struct *child, for (i = 0; i < arg.nr; ) { siginfo_t info; @@ -61,7 +61,11 @@ 
Signed-off-by: Greg Kroah-Hartman spin_lock_irq(&child->sighand->siglock); list_for_each_entry(q, &pending->list, list) { -@@ -722,7 +727,7 @@ static int ptrace_peek_siginfo(struct ta + if (!off--) { ++ found = true; + copy_siginfo(&info, &q->info); + break; + } } spin_unlock_irq(&child->sighand->siglock); @@ -70,3 +74,6 @@ Signed-off-by: Greg Kroah-Hartman break; #ifdef CONFIG_COMPAT +-- +2.20.1 + diff --git a/queue-4.4/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch b/queue-4.4/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch index c6caad27f02..2c6685d4914 100644 --- a/queue-4.4/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch +++ b/queue-4.4/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch @@ -1,11 +1,10 @@ -From f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 Mon Sep 17 00:00:00 2001 +From 2fa64d49f16526bad6764072816e6988d58eacc4 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 28 May 2019 18:46:37 -0500 -Subject: signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO +Subject: [PATCH] signal/ptrace: Don't leak unitialized kernel memory with + PTRACE_PEEK_SIGINFO -From: Eric W. Biederman - -commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream. +[ Upstream commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 ] Recently syzbot in conjunction with KMSAN reported that ptrace_peek_siginfo can copy an uninitialized siginfo to userspace. @@ -32,15 +31,16 @@ Cc: stable@vger.kernel.org Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)") 
Signed-off-by: "Eric W. Biederman" -Signed-off-by: Greg Kroah-Hartman - +Signed-off-by: Sasha Levin --- - kernel/ptrace.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) + kernel/ptrace.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) +diff --git a/kernel/ptrace.c b/kernel/ptrace.c +index 8303874c2a06..bb6db489833f 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -673,6 +673,10 @@ static int ptrace_peek_siginfo(struct ta +@@ -673,6 +673,10 @@ static int ptrace_peek_siginfo(struct task_struct *child, if (arg.nr < 0) return -EINVAL; @@ -51,7 +51,7 @@ Signed-off-by: Greg Kroah-Hartman if (arg.flags & PTRACE_PEEKSIGINFO_SHARED) pending = &child->signal->shared_pending; else -@@ -680,7 +684,8 @@ static int ptrace_peek_siginfo(struct ta +@@ -680,18 +684,20 @@ static int ptrace_peek_siginfo(struct task_struct *child, for (i = 0; i < arg.nr; ) { siginfo_t info; @@ -61,7 +61,11 @@ Signed-off-by: Greg Kroah-Hartman spin_lock_irq(&child->sighand->siglock); list_for_each_entry(q, &pending->list, list) { -@@ -691,7 +696,7 @@ static int ptrace_peek_siginfo(struct ta + if (!off--) { ++ found = true; + copy_siginfo(&info, &q->info); + break; + } } spin_unlock_irq(&child->sighand->siglock); @@ -70,3 +74,6 @@ Signed-off-by: Greg Kroah-Hartman break; #ifdef CONFIG_COMPAT +-- +2.20.1 + diff --git a/queue-4.9/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch b/queue-4.9/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch index 4402467528e..445a637cc23 100644 --- a/queue-4.9/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch +++ b/queue-4.9/signal-ptrace-don-t-leak-unitialized-kernel-memory-with-ptrace_peek_siginfo.patch @@ -1,11 +1,10 @@ -From f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 Mon Sep 17 00:00:00 2001 +From 39b103390f376649e14abf4ea559c223085fcd81 Mon Sep 17 00:00:00 2001 
From: "Eric W. Biederman" Date: Tue, 28 May 2019 18:46:37 -0500 -Subject: signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO +Subject: [PATCH] signal/ptrace: Don't leak unitialized kernel memory with + PTRACE_PEEK_SIGINFO -From: Eric W. Biederman - -commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream. +[ Upstream commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 ] Recently syzbot in conjunction with KMSAN reported that ptrace_peek_siginfo can copy an uninitialized siginfo to userspace. @@ -32,15 +31,16 @@ Cc: stable@vger.kernel.org Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals without removing from a queue (v4)") Signed-off-by: "Eric W. Biederman" -Signed-off-by: Greg Kroah-Hartman - +Signed-off-by: Sasha Levin --- - kernel/ptrace.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) + kernel/ptrace.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) +diff --git a/kernel/ptrace.c b/kernel/ptrace.c +index efba851ee018..df06d2fcbb92 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -710,6 +710,10 @@ static int ptrace_peek_siginfo(struct ta +@@ -710,6 +710,10 @@ static int ptrace_peek_siginfo(struct task_struct *child, if (arg.nr < 0) return -EINVAL; @@ -51,7 +51,7 @@ Signed-off-by: Greg Kroah-Hartman if (arg.flags & PTRACE_PEEKSIGINFO_SHARED) pending = &child->signal->shared_pending; else -@@ -717,7 +721,8 @@ static int ptrace_peek_siginfo(struct ta +@@ -717,18 +721,20 @@ static int ptrace_peek_siginfo(struct task_struct *child, for (i = 0; i < arg.nr; ) { siginfo_t info; @@ -61,7 +61,11 @@ Signed-off-by: Greg Kroah-Hartman spin_lock_irq(&child->sighand->siglock); list_for_each_entry(q, &pending->list, list) { -@@ -728,7 +733,7 @@ static int ptrace_peek_siginfo(struct ta + if (!off--) { ++ found = true; + copy_siginfo(&info, &q->info); + break; + } } spin_unlock_irq(&child->sighand->siglock); @@ -70,3 +74,6 @@ 
Signed-off-by: Greg Kroah-Hartman break; #ifdef CONFIG_COMPAT +-- +2.20.1 + -- 2.47.2