Re: Potential information leak in save_xstate_epilog()

From: Bae, Chang Seok
Date: Mon Dec 06 2021 - 13:35:30 EST


On Nov 26, 2021, at 03:06, Alexander Potapenko <glider@xxxxxxxxxx> wrote:
>
> Hi Chang, Thomas, Borislav,
>
> "x86/fpu/signal: Prepare for variable sigframe length" has presumably
> introduced an information leak to the userspace.
>
> According to https://elixir.bootlin.com/linux/v5.16-rc2/source/arch/x86/kernel/fpu/signal.c#L126,
> save_sw_bytes() only initializes the first 20 bytes of sw_bytes, but
> then the whole struct is copied to the userspace.

Looks like your fix was picked already though, thank you for catching this!

Thanks,
Chang
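
Added example, not part of the original thread and not kernel code: a user-space C model of the pattern in the quoted report, where only the first 20 bytes of a struct are assigned and the whole struct is then copied out. The struct layout, field names, values and the 0xA5 stale-memory marker are assumptions; zeroing before filling is shown as one common mitigation, not as the fix referred to above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for leftover stack contents */

/* Hypothetical frame: 20 bytes of real fields followed by reserved space. */
struct sw_frame {
    uint32_t magic;
    uint32_t extended_size;
    uint64_t features;
    uint32_t state_size;
    uint32_t reserved[7]; /* never assigned by the field-wise initializer */
};

/* Leaky pattern: assigns the named fields only, reserved[] keeps old bytes. */
static void fill_fields_only(struct sw_frame *f)
{
    f->magic = 0x11223344u;        /* constructed sample values */
    f->extended_size = 0x200u;
    f->features = 0x7u;
    f->state_size = 0x340u;
}

/* Hardened pattern: clear the whole object first, then assign fields. */
static void fill_zeroed(struct sw_frame *f)
{
    memset(f, 0, sizeof(*f));
    fill_fields_only(f);
}

/* Copies the full struct out (as a copy to user space would) and counts
 * how many stale bytes from the reserved region reach the destination. */
static size_t leaked_bytes(void (*fill)(struct sw_frame *))
{
    struct sw_frame f;
    unsigned char out[sizeof(f)];
    size_t i, n = 0;

    memset(&f, STALE, sizeof(f)); /* simulate memory reused from earlier calls */
    fill(&f);
    memcpy(out, &f, sizeof(f));   /* whole-struct copy, including reserved[] */
    for (i = offsetof(struct sw_frame, reserved); i < sizeof(f); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("fields only: %zu stale bytes copied out\n", leaked_bytes(fill_fields_only));
    printf("zeroed first: %zu stale bytes copied out\n", leaked_bytes(fill_zeroed));
    return 0;
}
```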