The patch titled
Subject: signalfd: fix information leak in signalfd_copyinfo
has been removed from the -mm tree. Its filename was
signalfd-fix-information-leak-in-signalfd_copyinfo.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: "Amanieu d'Antras" <amanieu@xxxxxxxxx>
Subject: signalfd: fix information leak in signalfd_copyinfo
This function may copy the si_addr_lsb field to user mode when it hasn't
been initialized, which can leak kernel stack data to user mode.
Just checking the value of si_code is insufficient because the same
si_code value is shared between multiple signals. This is solved by
checking the value of si_signo in addition to si_code.
Signed-off-by: Amanieu d'Antras <amanieu@xxxxxxxxx>
Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
fs/signalfd.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff -puN fs/signalfd.c~signalfd-fix-information-leak-in-signalfd_copyinfo fs/signalfd.c
--- a/fs/signalfd.c~signalfd-fix-information-leak-in-signalfd_copyinfo
+++ a/fs/signalfd.c
@@ -121,8 +121,9 @@ static int signalfd_copyinfo(struct sign
* Other callers might not initialize the si_lsb field,
* so check explicitly for the right codes here.
*/
- if (kinfo->si_code == BUS_MCEERR_AR ||
- kinfo->si_code == BUS_MCEERR_AO)
+ if (kinfo->si_signo == SIGBUS &&
+ (kinfo->si_code == BUS_MCEERR_AR ||
+ kinfo->si_code == BUS_MCEERR_AO))
err |= __put_user((short) kinfo->si_addr_lsb,
&uinfo->ssi_addr_lsb);
#endif
_
Patches currently in -mm which might be from amanieu@xxxxxxxxx are
origin.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
