mirror of
https://github.com/torvalds/linux.git
synced 2024-11-01 17:51:43 +00:00
3d6e48f433
When running a 31-bit ptrace, on either an s390 or s390x kernel, reads and writes into a padding area in struct user_regs_struct32 will result in a kernel panic. This is also known as CVE-2008-1514. Test case available here: http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/user-area-padding.c?cvsroot=systemtap Steps to reproduce: 1) wget the above 2) gcc -o user-area-padding-31bit user-area-padding.c -Wall -ggdb2 -D_GNU_SOURCE -m31 3) ./user-area-padding-31bit <panic> Test status ----------- Without patch, both s390 and s390x kernels panic. With patch, the test case, as well as the gdb testsuite, pass without incident, padding area reads returning zero, writes ignored. Nb: original version returned -EINVAL on write attempts, which broke the gdb test and made the test case slightly unhappy, Jan Kratochvil suggested the change to return 0 on write attempts. Signed-off-by: Jarod Wilson <jarod@redhat.com> Tested-by: Jan Kratochvil <jan.kratochvil@redhat.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> |
||
---|---|---|
.. | ||
alpha | ||
arm | ||
avr32 | ||
blackfin | ||
cris | ||
frv | ||
h8300 | ||
ia64 | ||
m32r | ||
m68k | ||
m68knommu | ||
mips | ||
mn10300 | ||
parisc | ||
powerpc | ||
s390 | ||
sh | ||
sparc | ||
sparc64 | ||
um | ||
x86 | ||
xtensa | ||
.gitignore | ||
Kconfig |