45 lines
1.5 KiB
Diff
45 lines
1.5 KiB
Diff
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Date: Wed, 4 Sep 2019 12:27:18 +0200
|
|
Subject: x86/ptrace: fix up botched merge of spectrev1 fix
|
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=69f692bb7e684592aaba779299bc576626d414b4
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-15902
|
|
|
|
I incorrectly merged commit 31a2fbb390fe ("x86/ptrace: Fix possible
|
|
spectre-v1 in ptrace_get_debugreg()") when backporting it, as was
|
|
graciously pointed out at
|
|
https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
|
|
|
|
Resolve the upstream difference with the stable kernel merge to properly
|
|
protect things.
|
|
|
|
Reported-by: Brad Spengler <spender@grsecurity.net>
|
|
Cc: Dianzhang Chen <dianzhangchen0@gmail.com>
|
|
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
Cc: <bp@alien8.de>
|
|
Cc: <hpa@zytor.com>
|
|
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
---
|
|
arch/x86/kernel/ptrace.c | 3 +--
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
|
|
index 8d20fb09722c..7f377f8792aa 100644
|
|
--- a/arch/x86/kernel/ptrace.c
|
|
+++ b/arch/x86/kernel/ptrace.c
|
|
@@ -651,11 +651,10 @@ static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n)
|
|
{
|
|
struct thread_struct *thread = &tsk->thread;
|
|
unsigned long val = 0;
|
|
- int index = n;
|
|
|
|
if (n < HBP_NUM) {
|
|
+ int index = array_index_nospec(n, HBP_NUM);
|
|
struct perf_event *bp = thread->ptrace_bps[index];
|
|
- index = array_index_nospec(index, HBP_NUM);
|
|
|
|
if (bp)
|
|
val = bp->hw.info.address;
|
|
--
|
|
2.23.0
|
|
|