diff options
| author | Alexandre Oliva <lxoliva@fsfla.org> | 2014-08-03 03:28:27 +0000 |
|---|---|---|
| committer | Alexandre Oliva <lxoliva@fsfla.org> | 2014-08-03 03:28:27 +0000 |
| commit | 5409b4c779860b1aa6ee70a7ad5099807194a031 (patch) | |
| tree | 2f6b984b1e194790b55a2a0374570e6aa6c9c3f2 /freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch | |
| parent | 04f3ef7ef5efafe2bdcbb99c2eb89b7360fb9376 (diff) | |
| download | linux-libre-raptor-5409b4c779860b1aa6ee70a7ad5099807194a031.tar.gz linux-libre-raptor-5409b4c779860b1aa6ee70a7ad5099807194a031.zip | |
3.15.8-200.fc20.gnu
Diffstat (limited to 'freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch')
| -rw-r--r-- | freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch b/freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch deleted file mode 100644 index 9d5484049..000000000 --- a/freed-ora/current/f20/s390-ptrace-fix-PSW-mask-check.patch +++ /dev/null @@ -1,59 +0,0 @@ -Bugzilla: 1122612 -Upstream-status: 3.16 and CC'd to stable - -From dab6cf55f81a6e16b8147aed9a843e1691dcd318 Mon Sep 17 00:00:00 2001 -From: Martin Schwidefsky <schwidefsky@de.ibm.com> -Date: Mon, 23 Jun 2014 15:29:40 +0200 -Subject: [PATCH] s390/ptrace: fix PSW mask check - -The PSW mask check of the PTRACE_POKEUSR_AREA command is incorrect. -The PSW_MASK_USER define contains the PSW_MASK_ASC bits, the ptrace -interface accepts all combinations for the address-space-control -bits. To protect the kernel space the PSW mask check in ptrace needs -to reject the address-space-control bit combination for home space. - -Fixes CVE-2014-3534 - -Cc: stable@vger.kernel.org -Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> ---- - arch/s390/kernel/ptrace.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c -index 2d716734b5b1..5dc7ad9e2fbf 100644 ---- a/arch/s390/kernel/ptrace.c -+++ b/arch/s390/kernel/ptrace.c -@@ -334,9 +334,14 @@ static int __poke_user(struct task_struct *child, addr_t addr, addr_t data) - unsigned long mask = PSW_MASK_USER; - - mask |= is_ri_task(child) ? PSW_MASK_RI : 0; -- if ((data & ~mask) != PSW_USER_BITS) -+ if ((data ^ PSW_USER_BITS) & ~mask) -+ /* Invalid psw mask. */ -+ return -EINVAL; -+ if ((data & PSW_MASK_ASC) == PSW_ASC_HOME) -+ /* Invalid address-space-control bits */ - return -EINVAL; - if ((data & PSW_MASK_EA) && !(data & PSW_MASK_BA)) -+ /* Invalid addressing mode bits */ - return -EINVAL; - } - *(addr_t *)((addr_t) &task_pt_regs(child)->psw + addr) = data; -@@ -672,9 +677,12 @@ static int __poke_user_compat(struct task_struct *child, - - mask |= is_ri_task(child) ? PSW32_MASK_RI : 0; - /* Build a 64 bit psw mask from 31 bit mask. */ -- if ((tmp & ~mask) != PSW32_USER_BITS) -+ if ((tmp ^ PSW32_USER_BITS) & ~mask) - /* Invalid psw mask. */ - return -EINVAL; -+ if ((data & PSW32_MASK_ASC) == PSW32_ASC_HOME) -+ /* Invalid address-space-control bits */ -+ return -EINVAL; - regs->psw.mask = (regs->psw.mask & ~PSW_MASK_USER) | - (regs->psw.mask & PSW_MASK_BA) | - (__u64)(tmp & mask) << 32; --- -1.9.3 - |
