Re: [PATCH] MIPS: prevent user from setting FCSR cause bits

On Tue, Jul 22, 2014 at 02:21:21PM +0100, Paul Burton wrote:

> If one or more matching FCSR cause & enable bits are set in saved thread
> context then when that context is restored the kernel will take an FP
> exception. This is of course undesirable and considered an oops, leading
> to the kernel writing a backtrace to the console and potentially
> rebooting depending upon the configuration. Thus the kernel avoids this
> situation by clearing the cause bits of the FCSR register when handling
> FP exceptions and after emulating FP instructions.
> 
> However the kernel does not prevent userland from setting arbitrary FCSR
> cause & enable bits via ptrace, using either the PTRACE_POKEUSR or
> PTRACE_SETFPREGS requests. This means userland can trivially cause the
> kernel to oops on any system with an FPU. Prevent this from happening
> by clearing the cause bits when writing to the saved FCSR context via
> ptrace.
> 
> This problem appears to exist at least back to the beginning of the git
> era in the PTRACE_POKEUSR case.

Good catch - but I think something like UML on a more proper fix.  How
until then I'm going to apply this.

  Ralf
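To make the hazard in Paul's description concrete, here is an added example in C. It is not code from the patch or from the Linux kernel; it models the saved-FCSR check and the sanitisation the patch applies on the ptrace write path. The bit positions follow the MIPS FCSR layout (enable bits 7..11, cause bits 12..17 with Unimplemented at 17) as restated in the kernel's mipsregs.h, but the constants, the `thread_fpu_ctx` struct and the two `ptrace_poke_*` helpers are assumptions made for this illustration, and the input values are constructed.

```c
/* Added example, not part of the patch or the kernel tree.
 * Models the FCSR cause/enable interaction described in the thread and the
 * mitigation the patch applies when ptrace writes the saved FCSR. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed FCSR layout (matches the MIPS architecture / kernel mipsregs.h). */
#define FPU_CSR_ALL_E   0x00000f80u  /* Enable bits 7..11: V Z O U I            */
#define FPU_CSR_ALL_X   0x0003f000u  /* Cause bits 12..17: V Z O U I E          */
#define FPU_CSR_UNI_X   0x00020000u  /* Cause E (unimplemented): has no enable  */

/* Would restoring a thread context with this FCSR take an FP exception?
 * Hardware traps when a cause bit (12..16) is set together with the matching
 * enable bit (7..11), or whenever the Unimplemented cause bit is set. */
static bool fcsr_would_trap(uint32_t fcsr)
{
    /* Shift the enable field up five bits so it lines up with the cause field. */
    uint32_t enables_as_causes = (fcsr & FPU_CSR_ALL_E) << 5;
    return (fcsr & enables_as_causes) != 0 || (fcsr & FPU_CSR_UNI_X) != 0;
}

/* What the fix does: userland may still choose rounding mode, sticky flags and
 * enable bits, but cause bits never make it into the saved context. */
static uint32_t sanitize_fcsr_from_user(uint32_t user_value)
{
    return user_value & ~FPU_CSR_ALL_X;
}

/* Hypothetical saved FPU context, with the write path before and after the fix. */
struct thread_fpu_ctx {
    uint32_t fcsr;
};

static void ptrace_poke_fcsr_unsanitized(struct thread_fpu_ctx *ctx, uint32_t v)
{
    ctx->fcsr = v;                          /* pre-patch: trusts the tracer   */
}

static void ptrace_poke_fcsr_fixed(struct thread_fpu_ctx *ctx, uint32_t v)
{
    ctx->fcsr = sanitize_fcsr_from_user(v); /* post-patch: cause bits dropped */
}

int main(void)
{
    /* Constructed input: enable-V (bit 7) together with cause-V (bit 12). */
    const uint32_t poisoned = (1u << 7) | (1u << 12);
    struct thread_fpu_ctx before = {0}, after = {0};

    ptrace_poke_fcsr_unsanitized(&before, poisoned);
    ptrace_poke_fcsr_fixed(&after, poisoned);

    printf("unsanitized fcsr=0x%08x traps on restore: %s\n",
           before.fcsr, fcsr_would_trap(before.fcsr) ? "yes" : "no");
    printf("sanitized   fcsr=0x%08x traps on restore: %s\n",
           after.fcsr, fcsr_would_trap(after.fcsr) ? "yes" : "no");
    return 0;
}
```

The check in `fcsr_would_trap` is the same condition the kernel has to avoid when it restores a context, which is why the patch clears the cause field rather than the enable field: a tracer legitimately configures enables, but a cause bit only ever has meaning for the instruction that raised it.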

