[x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902)
This commit is contained in:
parent
78f0b2574a
commit
c0096a08f9
|
@ -7,6 +7,7 @@ linux (4.19.67-2+deb10u1) UNRELEASED; urgency=medium
|
|||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* vhost: make sure log_num < in_num (CVE-2019-14835)
|
||||
* [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902)
|
||||
|
||||
-- Romain Perier <romain.perier@gmail.com> Wed, 28 Aug 2019 13:28:09 +0200
|
||||
|
||||
|
|
44
debian/patches/bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
vendored
Normal file
44
debian/patches/bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
vendored
Normal file
|
@ -0,0 +1,44 @@
|
|||
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
Date: Wed, 4 Sep 2019 12:27:18 +0200
|
||||
Subject: x86/ptrace: fix up botched merge of spectrev1 fix
|
||||
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=69f692bb7e684592aaba779299bc576626d414b4
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-15902
|
||||
|
||||
I incorrectly merged commit 31a2fbb390fe ("x86/ptrace: Fix possible
|
||||
spectre-v1 in ptrace_get_debugreg()") when backporting it, as was
|
||||
graciously pointed out at
|
||||
https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
|
||||
|
||||
Resolve the upstream difference with the stable kernel merge to properly
|
||||
protect things.
|
||||
|
||||
Reported-by: Brad Spengler <spender@grsecurity.net>
|
||||
Cc: Dianzhang Chen <dianzhangchen0@gmail.com>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: <bp@alien8.de>
|
||||
Cc: <hpa@zytor.com>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
---
|
||||
arch/x86/kernel/ptrace.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
|
||||
index 8d20fb09722c..7f377f8792aa 100644
|
||||
--- a/arch/x86/kernel/ptrace.c
|
||||
+++ b/arch/x86/kernel/ptrace.c
|
||||
@@ -651,11 +651,10 @@ static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n)
|
||||
{
|
||||
struct thread_struct *thread = &tsk->thread;
|
||||
unsigned long val = 0;
|
||||
- int index = n;
|
||||
|
||||
if (n < HBP_NUM) {
|
||||
+ int index = array_index_nospec(n, HBP_NUM);
|
||||
struct perf_event *bp = thread->ptrace_bps[index];
|
||||
- index = array_index_nospec(index, HBP_NUM);
|
||||
|
||||
if (bp)
|
||||
val = bp->hw.info.address;
|
||||
--
|
||||
2.23.0
|
||||
|
|
@ -165,6 +165,7 @@ bugfix/all/netfilter-conntrack-use-consistent-ct-id-hash-calcul.patch
|
|||
bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch
|
||||
bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch
|
||||
bugfix/all/vhost-make-sure-log_num-in_num.patch
|
||||
bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
|
|
Loading…
Reference in New Issue