leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
52d0b8b18776f184c53632c5e0068201491cdb61
linux/arch/x86/kernel
History
Marco Elver 52d0b8b187 x86/fpu/signal: Initialize sw_bytes in save_xstate_epilog() 
save_sw_bytes() did not fully initialize sw_bytes, which caused KMSAN
to report an infoleak (see below).
Initialize sw_bytes explicitly to avoid this.

KMSAN report follows:

=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121
BUG: KMSAN: kernel-infoleak in __copy_to_user ./include/linux/uaccess.h:154
BUG: KMSAN: kernel-infoleak in save_xstate_epilog+0x2df/0x510 arch/x86/kernel/fpu/signal.c:127
 instrument_copy_to_user ./include/linux/instrumented.h:121
 __copy_to_user ./include/linux/uaccess.h:154
 save_xstate_epilog+0x2df/0x510 arch/x86/kernel/fpu/signal.c:127
 copy_fpstate_to_sigframe+0x861/0xb60 arch/x86/kernel/fpu/signal.c:245
 get_sigframe+0x656/0x7e0 arch/x86/kernel/signal.c:296
 __setup_rt_frame+0x14d/0x2a60 arch/x86/kernel/signal.c:471
 setup_rt_frame arch/x86/kernel/signal.c:781
 handle_signal arch/x86/kernel/signal.c:825
 arch_do_signal_or_restart+0x417/0xdd0 arch/x86/kernel/signal.c:870
 handle_signal_work kernel/entry/common.c:149
 exit_to_user_mode_loop+0x1f6/0x490 kernel/entry/common.c:173
 exit_to_user_mode_prepare kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290
 syscall_exit_to_user_mode+0x7e/0xc0 kernel/entry/common.c:302
 do_syscall_64+0x60/0xd0 arch/x86/entry/common.c:88
 entry_SYSCALL_64_after_hwframe+0x44/0xae ??:?

Local variable sw_bytes created at:
 save_xstate_epilog+0x80/0x510 arch/x86/kernel/fpu/signal.c:121
 copy_fpstate_to_sigframe+0x861/0xb60 arch/x86/kernel/fpu/signal.c:245

Bytes 20-47 of 48 are uninitialized
Memory access of size 48 starts at ffff8880801d3a18
Data copied to user address 00007ffd90e2ef50
=====================================================

Link: https://lore.kernel.org/all/CAG_fn=V9T6OKPonSjsi9PmWB0hMHFC=yawozdft8i1-MSxrv=w@mail.gmail.com/
Fixes: 53599b4d54 ("x86/fpu/signal: Prepare for variable sigframe length")
Reported-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Tested-by: Alexander Potapenko <glider@google.com>
Link: https://lkml.kernel.org/r/20211126124746.761278-1-glider@google.com
2021-11-30 15:13:47 -08:00
..
acpi
x86: ACPI: cstate: Optimize C3 entry on AMD CPUs
2021-10-01 20:44:31 +02:00
apic
x86/apic: Reduce cache line misses in __x2apic_send_IPI_mask()
2021-10-29 10:02:17 +02:00
cpu
Merge tag 'x86-urgent-2021-11-21' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-11-21 11:25:19 -08:00
fpu
x86/fpu/signal: Initialize sw_bytes in save_xstate_epilog()
2021-11-30 15:13:47 -08:00
kprobes
ftrace: disable preemption when recursion locked
2021-10-27 11:21:49 -04:00
.gitignore
alternative.c
x86/alternative: Add debug prints to apply_retpolines()
2021-10-28 23:25:28 +02:00
amd_gart_64.c
x86/amd_gart: don't set failed sg dma_address to DMA_MAPPING_ERROR
2021-08-09 17:13:06 +02:00
amd_nb.c
hwmon: (k10temp) Add support for yellow carp
2021-08-27 13:54:58 -07:00
aperture_64.c
proc/vmcore: convert oldmem_pfn_is_ram callback to more generic vmcore callbacks
2021-11-09 10:02:48 -08:00
apm_32.c
x86: Fix various typos in comments, take #2
2021-03-21 23:50:28 +01:00
asm-offsets_32.c
x86/stackprotector/32: Make the canary into a regular percpu variable
2021-03-08 13:19:05 +01:00
asm-offsets_64.c
x86/xen: Drop USERGS_SYSRET64 paravirt call
2021-02-10 12:32:07 +01:00
asm-offsets.c
x86/paravirt: Switch iret pvops to ALTERNATIVE
2021-03-11 19:58:54 +01:00
audit_64.c
audit: add support for the openat2 syscall
2021-10-01 16:52:48 -04:00
bootflag.c
cc_platform.c
x86/sev: Add an x86 version of cc_platform_has()
2021-10-04 11:46:20 +02:00
check.c
cpuid.c
smp: Cleanup smp_call_function*()
2020-11-24 16:47:49 +01:00
crash_core_32.c
crash_core_64.c
crash_dump_32.c
x86/crashdump/32: Simplify copy_oldmem_page()
2020-11-24 14:42:09 +01:00
crash_dump_64.c
x86/sev: Replace occurrences of sev_active() with cc_platform_has()
2021-10-04 11:46:58 +02:00
crash.c
x86/crash: Remove crash_reserve_low_1M()
2021-06-07 12:14:45 +02:00
devicetree.c
Merge tag 'devicetree-for-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
2021-11-02 22:22:13 -07:00
doublefault_32.c
exit/doublefault: Remove apparently bogus comment about rewind_stack_do_exit
2021-10-20 13:09:43 -05:00
dumpstack_32.c
dumpstack_64.c
x86/mm/64: Improve stack overflow warnings
2021-09-21 13:57:43 +02:00
dumpstack.c
x86/dumpstack: use %pSb/%pBb for backtrace printing
2021-07-08 11:48:22 -07:00
e820.c
Merge tag 'pm-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2021-04-26 15:10:25 -07:00
early_printk.c
early-quirks.c
x86/hpet: Use another crystalball to evaluate HPET usability
2021-10-01 13:38:13 +02:00
ebda.c
eisa.c
espfix_64.c
ftrace_32.S
ftrace_64.S
x86/ftrace: Make function graph use ftrace directly
2021-10-20 23:44:43 -04:00
ftrace.c
x86/ftrace: Make function graph use ftrace directly
2021-10-20 23:44:43 -04:00
head32.c
head64.c
treewide: Replace the use of mem_encrypt_active() with cc_platform_has()
2021-10-04 11:47:24 +02:00
head_32.S
printk: Userspace format indexing support
2021-07-19 11:57:48 +02:00
head_64.S
x86/entry: Unify definitions from <asm/calling.h> and <asm/ptrace-abi.h>
2021-05-12 10:49:13 +02:00
hpet.c
x86/hpet: Use another crystalball to evaluate HPET usability
2021-10-01 13:38:13 +02:00
hw_breakpoint.c
x86/debug: Prevent data breakpoints on cpu_dr7
2021-02-05 20:13:12 +01:00
i8237.c
i8253.c
i8259.c
x86: Avoid magic number with ELCR register accesses
2021-08-10 23:31:43 +02:00
idt.c
Merge tag 'x86-irq-2021-06-29' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-06-29 12:36:59 -07:00
io_delay.c
ioport.c
irq_32.c
x86/softirq: Disable softirq stacks on PREEMPT_RT
2021-09-27 12:28:32 +02:00
irq_64.c
x86/softirq/64: Inline do_softirq_own_stack()
2021-02-10 23:34:17 +01:00
irq_work.c
irq.c
x86/irq: Ensure PI wakeup handler is unregistered before module unload
2021-10-22 12:45:35 -04:00
irqflags.S
x86/xen: Make save_fl() noinstr
2021-09-17 13:14:44 +02:00
irqinit.c
x86/headers: Remove APIC headers from <asm/smp.h>
2020-08-06 16:13:09 +02:00
itmt.c
x86/sched: Decrease further the priorities of SMT siblings
2021-10-05 15:51:59 +02:00
jailhouse.c
locking/seqlock, headers: Untangle the spaghetti monster
2020-08-06 16:13:13 +02:00
jump_label.c
jump_labels: Mark __jump_label_transform() as __always_inlined to work around aggressive compiler un-inlining
2021-07-13 06:32:05 +02:00
kdebugfs.c
kexec-bzimage64.c
x86: Use ELF fields defined in 'struct kimage'
2021-03-08 12:06:29 -07:00
kgdb.c
x86: Fix various typos in comments
2021-03-18 15:31:53 +01:00
ksysfs.c
kvm.c
Merge branch 'kvm-5.16-fixes' into kvm-master
2021-11-11 11:03:05 -05:00
kvmclock.c
x86/sev: Replace occurrences of sev_active() with cc_platform_has()
2021-10-04 11:46:58 +02:00
ldt.c
memcg: enable accounting for ldt_struct objects
2021-09-03 09:58:13 -07:00
machine_kexec_32.c
x86/kexec: Set_[gi]dt() -> native_[gi]dt_invalidate() in machine_kexec_*.c
2021-05-21 12:36:45 +02:00
machine_kexec_64.c
x86/sev: Replace occurrences of sev_active() with cc_platform_has()
2021-10-04 11:46:58 +02:00
Makefile
x86/sev: Add an x86 version of cc_platform_has()
2021-10-04 11:46:20 +02:00
mmconf-fam10h_64.c
x86/msr: Rename MSR_K8_SYSCFG to MSR_AMD64_SYSCFG
2021-05-10 07:51:38 +02:00
module.c
x86/alternative: Implement .retpoline_sites support
2021-10-28 23:25:27 +02:00
mpparse.c
x86: Avoid magic number with ELCR register accesses
2021-08-10 23:31:43 +02:00
msr.c
x86/MSR: Filter MSR writes through X86_IOC_WRMSR_REGS ioctl too
2021-01-27 19:06:47 +01:00
nmi_selftest.c
nmi.c
x86/sev-es: Rename sev-es.{ch} to sev.{ch}
2021-05-10 07:40:27 +02:00
paravirt-spinlocks.c
x86/paravirt: Add new features for paravirt patching
2021-03-11 19:51:49 +01:00
paravirt.c
Merge branch 'kvm-guest-sev-migration' into kvm-master
2021-11-11 07:40:26 -05:00
pci-dma.c
dma-mapping: move dma-debug.h to kernel/dma/
2020-10-06 07:07:05 +02:00
pci-iommu_table.c
x86: Remove definition of DEBUG
2021-01-15 08:23:10 +01:00
pci-swiotlb.c
x86/sme: Replace occurrences of sme_active() with cc_platform_has()
2021-10-04 11:46:46 +02:00
pcspeaker.c
perf_regs.c
Merge tag 'x86_cleanups_for_v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-12-14 13:45:26 -08:00
platform-quirks.c
pmem.c
probe_roms.c
x86/pci/probe_roms: Use to_pci_driver() instead of pci_dev->driver
2021-10-18 09:20:15 -05:00
process_32.c
x86/fpu: Move context switch and exit to user inlines into sched.h
2021-10-20 15:27:27 +02:00
process_64.c
x86/fpu: Move context switch and exit to user inlines into sched.h
2021-10-20 15:27:27 +02:00
process.c
x86: Pin task-stack in __get_wchan()
2021-11-19 10:14:57 -08:00
process.h
ptrace.c
x86/fpu: Remove internal.h dependency from fpu/signal.h
2021-10-20 15:27:29 +02:00
pvclock.c
x86: Fix various typos in comments
2021-03-18 15:31:53 +01:00
quirks.c
x86, powerpc: Rename memcpy_mcsafe() to copy_mc_to_{user, kernel}()
2020-10-06 11:18:04 +02:00
reboot_fixups_32.c
reboot.c
x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
2021-08-12 12:06:58 +02:00
relocate_kernel_32.S
x86: Fix various typos in comments, take #2
2021-03-21 23:50:28 +01:00
relocate_kernel_64.S
x86/sme: Replace occurrences of sme_active() with cc_platform_has()
2021-10-04 11:46:46 +02:00
resource.c
rtc.c
setup_percpu.c
memblock: use memblock_free for freeing virtual pointers
2021-11-06 13:30:41 -07:00
setup.c
x86/boot: Mark prepare_command_line() __init
2021-11-24 12:20:24 +01:00
sev_verify_cbit.S
x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
2020-10-29 18:06:52 +01:00
sev-shared.c
Merge tag 'x86_sev_for_v5.16_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-11-01 15:52:26 -07:00
sev.c
Merge tag 'x86_core_for_v5.16_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-11-02 07:56:47 -07:00
signal_compat.c
signal: Verify the alignment and size of siginfo_t
2021-07-23 13:15:31 -05:00
signal.c
x86/signal: Use fpu::__state_user_size for sigalt stack validation
2021-10-26 10:18:09 +02:00
smp.c
x86: Fix various typos in comments, take #2
2021-03-21 23:50:28 +01:00
smpboot.c
x86/smp: Factor out parts of native_smp_prepare_cpus()
2021-11-11 13:09:32 +01:00
stacktrace.c
stacktrace: Move documentation for arch_stack_walk_reliable() to header
2021-03-10 15:52:31 +01:00
static_call.c
static_call,x86: Robustify trampoline patching
2021-11-11 13:09:31 +01:00
step.c
entry: Ensure trap after single-step on system call return
2021-02-06 00:21:42 +01:00
sys_ia32.c
x86: switch to kernel_clone()
2020-08-20 13:12:58 +02:00
sys_x86_64.c
x86/mm: Refine mmap syscall implementation
2021-01-05 19:07:42 +01:00
tboot.c
x86/boot/tboot: Avoid Wstringop-overread-warning
2021-03-23 00:16:13 +01:00
time.c
tls.c
x86/stackprotector/32: Make the canary into a regular percpu variable
2021-03-08 13:19:05 +01:00
tls.h
x86: switch to ->regset_get()
2020-07-27 14:31:07 -04:00
topology.c
x86: Fix various typos in comments
2021-03-18 15:31:53 +01:00
trace_clock.c
trace.c
trace/osnoise: Fix an ifdef comment
2021-10-25 23:02:36 -04:00
tracepoint.c
traps.c
Merge tag 'x86_core_for_v5.16_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2021-11-02 07:56:47 -07:00
tsc_msr.c
Merge tag 'x86-urgent-2020-08-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-08-15 10:38:03 -07:00
tsc_sync.c
x86: Fix various typos in comments, take #2
2021-03-21 23:50:28 +01:00
tsc.c
clocksource: Reduce clocksource-skew threshold
2021-06-22 16:53:16 +02:00
umip.c
x86/umip: Downgrade warning messages to debug loglevel
2021-09-25 13:23:28 +02:00
unwind_frame.c
x86/unwind: Recover kretprobe trampoline entry
2021-09-30 21:24:07 -04:00
unwind_guess.c
x86/unwind: Recover kretprobe trampoline entry
2021-09-30 21:24:07 -04:00
unwind_orc.c
Merge branch 'akpm' (patches from Andrew)
2021-11-09 10:11:53 -08:00
uprobes.c
x86/uprobes: Convert to insn_decode()
2021-03-15 12:05:03 +01:00
verify_cpu.S
vm86_32.c
signal: Replace force_fatal_sig with force_exit_sig when in doubt
2021-11-19 09:15:58 -06:00
vmlinux.lds.S
objtool,x86: Replace alternatives with .retpoline_sites
2021-10-28 23:25:25 +02:00
vsmp_64.c
x86_init.c
x86/apic: Support 15 bits of APIC ID in MSI where available
2020-10-28 20:26:29 +01:00