diff options
| author | Al Viro <viro@ZenIV.linux.org.uk> | 2016-09-15 02:35:29 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-09-24 10:09:38 +0200 |
| commit | 7642cc2430ba942c773f3faef8f913bcbd363311 (patch) | |
| tree | 14c88d87658c28c2412b44b77af740faf4dbe97a | |
| parent | 970509fa0ba67f00b984b54d15d35d25824fe912 (diff) | |
| download | lwn-7642cc2430ba942c773f3faef8f913bcbd363311.tar.gz lwn-7642cc2430ba942c773f3faef8f913bcbd363311.zip | |
fix minor infoleak in get_user_ex()
commit 1c109fabbd51863475cd12ac206bdd249aee35af upstream.
get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
(at most we are leaking uninitialized 64bit value off the kernel stack,
and in a fairly constrained situation, at that), but the fix is trivial,
so...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[ This sat in different branch from the uaccess fixes since mid-August ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | arch/x86/include/asm/uaccess.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h index 2982387ba817..0328c2ccc55d 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -414,7 +414,11 @@ do { \ #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ asm volatile("1: mov"itype" %1,%"rtype"0\n" \ "2:\n" \ - _ASM_EXTABLE_EX(1b, 2b) \ + ".section .fixup,\"ax\"\n" \ + "3:xor"itype" %"rtype"0,%"rtype"0\n" \ + " jmp 2b\n" \ + ".previous\n" \ + _ASM_EXTABLE_EX(1b, 3b) \ : ltype(x) : "m" (__m(addr))) #define __put_user_nocheck(x, ptr, size) \ |