linux-stable/arch/arm64/kernel
Mark Rutland ca62d90085 arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl'
variable, and a SETREGSET call with a length of zero will leave this
uninitialized. Consequently tagged_addr_ctrl_set() will consume an
arbitrary value, potentially leaking up to 64 bits of memory from the
kernel stack. The read is limited to a specific slot on the stack, and
the issue does not provide a write mechanism.

As set_tagged_addr_ctrl() only accepts values where bits [63:4] are zero and
rejects other values, a partial SETREGSET attempt will randomly succeed
or fail depending on the value of the uninitialized value, and the
exposure is significantly limited.

Fix this by initializing the temporary value before copying the regset
from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,
NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing
value of the tagged address ctrl will be retained.

The NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the
user_aarch64_view used by a native AArch64 task to manipulate another
native AArch64 task. As get_tagged_addr_ctrl() only returns an error
value when called for a compat task, tagged_addr_ctrl_get() and
tagged_addr_ctrl_set() should never observe an error value from
get_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that
such an error would be unexpected, and error handling is not missing in
either case.

Fixes: 2200aa7154 ("arm64: mte: ptrace: Add NT_ARM_TAGGED_ADDR_CTRL regset")
Cc: <stable@vger.kernel.org> # 5.10.x
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Will Deacon <will@kernel.org>
Reviewed-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20241205121655.1824269-2-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2024-12-05 18:03:25 +00:00
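The commit message above describes the bug in prose only. The following is an added user-space model, not kernel code and not part of this repository, that reproduces the shape of the pre-fix and post-fix tagged_addr_ctrl_set() paths: a temporary that a zero-length SETREGSET leaves untouched, a setter that rejects anything with bits [63:4] set, and the fix of seeding the temporary from get_tagged_addr_ctrl() before the copy. The function names mirror the kernel's for readability; the 4-bit valid mask, the `struct task` layout and the `stack_residue` parameter (which stands in for whatever the uninitialised stack slot held) are assumptions of the model.

```c
/* Added example (not kernel code): user-space model of the arm64 ptrace
 * regset write path for NT_ARM_TAGGED_ADDR_CTRL. It shows why an
 * uninitialised temporary plus a zero-length SETREGSET leaks stack bits,
 * and how initialising from the current value fixes it. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption for the model: only bits [3:0] of the ctrl word are valid,
 * matching the commit's statement that bits [63:4] must be zero. */
#define TAGGED_ADDR_CTRL_VALID_MASK 0xfUL

struct task {
    unsigned long tagged_addr_ctrl;
    bool compat;                /* AArch32 task: regset not visible */
};

/* Returns the current value, or -EINVAL for a compat task. */
static long get_tagged_addr_ctrl(const struct task *t)
{
    if (t->compat)
        return -EINVAL;
    return (long)t->tagged_addr_ctrl;
}

/* Rejects any value with bits [63:4] set. */
static int set_tagged_addr_ctrl(struct task *t, unsigned long ctrl)
{
    if (ctrl & ~TAGGED_ADDR_CTRL_VALID_MASK)
        return -EINVAL;
    t->tagged_addr_ctrl = ctrl;
    return 0;
}

/* Model of user_regset_copyin(): copies min(count, ksize) bytes into kbuf
 * and leaves the rest untouched. A zero-length write copies nothing. */
static int regset_copyin(void *kbuf, size_t ksize, const void *ubuf, size_t count)
{
    size_t n = count < ksize ? count : ksize;
    if (n)
        memcpy(kbuf, ubuf, n);
    return 0;
}

/* Pre-fix shape: 'ctrl' is never initialised before the copy, so with
 * count == 0 the setter consumes leftover stack contents. */
static int tagged_addr_ctrl_set_buggy(struct task *t, const void *ubuf,
                                      size_t count, long stack_residue)
{
    long ctrl = stack_residue;  /* models the uninitialised slot */
    int ret = regset_copyin(&ctrl, sizeof(ctrl), ubuf, count);
    if (ret)
        return ret;
    return set_tagged_addr_ctrl(t, (unsigned long)ctrl);
}

/* Post-fix shape: seed 'ctrl' from the current value, so an empty write
 * retains it and a partial write only replaces the bytes supplied. */
static int tagged_addr_ctrl_set_fixed(struct task *t, const void *ubuf, size_t count)
{
    long ctrl = get_tagged_addr_ctrl(t);
    if (ctrl < 0) {
        /* Unreachable for the native AArch64 view; mirrors the WARN_ON_ONCE. */
        fprintf(stderr, "unexpected error from get_tagged_addr_ctrl\n");
        return (int)ctrl;
    }
    int ret = regset_copyin(&ctrl, sizeof(ctrl), ubuf, count);
    if (ret)
        return ret;
    return set_tagged_addr_ctrl(t, (unsigned long)ctrl);
}

/* Zero-length SETREGSET on the buggy path. Returns the tracee's resulting
 * ctrl value (the leaked stack bits) or -1 if the write was rejected. */
static long probe_buggy_zero_len(long stack_residue)
{
    struct task t = { .tagged_addr_ctrl = 0x1, .compat = false };
    if (tagged_addr_ctrl_set_buggy(&t, NULL, 0, stack_residue) != 0)
        return -1;
    return (long)t.tagged_addr_ctrl;
}

/* Zero-length SETREGSET on the fixed path: the old value survives. */
static long probe_fixed_zero_len(void)
{
    struct task t = { .tagged_addr_ctrl = 0x1, .compat = false };
    if (tagged_addr_ctrl_set_fixed(&t, NULL, 0) != 0)
        return -1;
    return (long)t.tagged_addr_ctrl;
}

/* Full 8-byte write on the fixed path; out-of-range values are rejected. */
static long probe_fixed_full_write(long value)
{
    struct task t = { .tagged_addr_ctrl = 0x1, .compat = false };
    if (tagged_addr_ctrl_set_fixed(&t, &value, sizeof(value)) != 0)
        return -1;
    return (long)t.tagged_addr_ctrl;
}

int main(void)
{
    printf("buggy, residue 0x5:    %ld\n", probe_buggy_zero_len(0x5));
    printf("buggy, residue 0x1230: %ld\n", probe_buggy_zero_len(0x1230));
    printf("fixed, zero-length:    %ld\n", probe_fixed_zero_len());
    printf("fixed, write 0x3:      %ld\n", probe_fixed_full_write(0x3));
    return 0;
}
```

The two `probe_buggy_zero_len` calls show the behaviour the commit message describes: with residue 0x5 the empty write "succeeds" and the tracee's ctrl now carries four bits that came from the kernel stack, readable back via GETREGSET; with residue 0x1230 the same request fails with -EINVAL. On the fixed path the empty write is a no-op and only an explicit, in-range value changes the register.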
pi Merge branches 'for-next/gcs', 'for-next/probes', 'for-next/asm-offsets', 'for-next/tlb', 'for-next/misc', 'for-next/mte', 'for-next/sysreg', 'for-next/stacktrace', 'for-next/hwcap3', 'for-next/kselftest', 'for-next/crc32', 'for-next/guest-cca', 'for-next/haft' and 'for-next/scs', remote-tracking branch 'arm64/for-next/perf' into for-next/core 2024-11-14 12:07:16 +00:00
probes - The series "zram: optimal post-processing target selection" from 2024-11-23 09:58:07 -08:00
vdso arm64: vdso: Drop LBASE_VDSO 2024-11-02 12:37:33 +01:00
vdso32 arm64: vdso: Drop LBASE_VDSO 2024-11-02 12:37:33 +01:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
acpi_numa.c arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE 2024-08-14 17:51:39 +01:00
acpi_parking_protocol.c arm64: smp: Remove dedicated wakeup IPI 2023-09-25 17:15:28 +01:00
acpi.c Merge branch 'for-next/vcpu-hotplug' into for-next/core 2024-07-11 19:10:02 +01:00
alternative.c Merge branches 'for-next/kpti', 'for-next/missing-proto-warn', 'for-next/iss2-decode', 'for-next/kselftest', 'for-next/misc', 'for-next/feat_mops', 'for-next/module-alloc', 'for-next/sysreg', 'for-next/cpucap', 'for-next/acpi', 'for-next/kdump', 'for-next/acpi-doc', 'for-next/doc' and 'for-next/tpidr2-fix', remote-tracking branch 'arm64/for-next/perf' into for-next/core 2023-06-23 18:32:20 +01:00
armv8_deprecated.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
asm-offsets.c ftrace updates for v6.13: 2024-11-20 11:34:10 -08:00
cacheinfo.c cacheinfo: Add arm64 early level initializer implementation 2023-04-13 09:32:33 +01:00
compat_alignment.c arm64: compat: Work around uninitialized variable warning 2023-04-05 17:51:47 +01:00
cpu_errata.c arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 2024-10-04 12:38:03 +01:00
cpu_ops.c arm64: Introduce get_cpu_ops() helper function 2020-03-24 17:24:19 +00:00
cpu-reset.S arm64: kernel: remove SHF_WRITE|SHF_EXECINSTR from .idmap.text 2023-05-02 12:42:22 +01:00
cpufeature.c The biggest change here is eliminating the awful idea that KVM had, of 2024-11-23 16:00:50 -08:00
cpuinfo.c The biggest change here is eliminating the awful idea that KVM had, of 2024-11-23 16:00:50 -08:00
crash_dump.c vmcore: convert copy_oldmem_page() to take an iov_iter 2022-04-29 14:37:59 -07:00
debug-monitors.c Merge branch 'for-next/mops' into for-next/core 2024-11-14 12:07:28 +00:00
efi-header.S arm64: efi: Enable BTI codegen and add PE/COFF annotation 2023-04-20 15:43:45 +02:00
efi-rt-wrapper.S arm64: efi: Avoid workqueue to check whether EFI runtime is live 2023-01-16 15:27:31 +01:00
efi.c efi: arm64: Map Device with Prot Shared 2024-10-23 10:19:32 +01:00
elfcore.c arm64: mte: Avoid the racy walk of the vma list during core dump 2023-01-05 15:12:12 +00:00
entry-common.c Merge branch 'for-next/mops' into for-next/core 2024-11-14 12:07:28 +00:00
entry-fpsimd.S arm64/sme: Implement context switching for ZT0 2023-01-20 12:23:06 +00:00
entry-ftrace.S arm64: ftrace: Enable HAVE_FUNCTION_GRAPH_RETVAL 2023-06-20 18:38:37 -04:00
entry.S arm64: stacktrace: unwind exception boundaries 2024-10-17 18:06:25 +01:00
fpsimd.c arm64 updates for 6.13: 2024-11-18 18:10:37 -08:00
ftrace.c - The series "zram: optimal post-processing target selection" from 2024-11-23 09:58:07 -08:00
head.S arm64: stacktrace: unwind exception boundaries 2024-10-17 18:06:25 +01:00
hibernate-asm.S arm64: kexec: install a copy of the linear-map 2021-10-01 13:31:00 +01:00
hibernate.c hugetlb: arm64: add mte support 2024-10-16 14:50:47 +01:00
hw_breakpoint.c perf/bpf: Remove unneeded uses_default_overflow_handler() 2024-04-12 11:49:50 +02:00
hyp-stub.S ARM64: 2023-07-03 15:32:22 -07:00
idle.c arm64: idle: Tag the arm64 idle functions as __cpuidle 2023-09-25 17:15:28 +01:00
image-vars.h arm64: irqchip/gic-v3: Select priorities at boot time 2024-06-24 18:16:45 +01:00
image.h arm64: get rid of TEXT_OFFSET 2020-09-07 15:00:52 +01:00
io.c arm64: Use new fallback IO memcpy/memset 2024-10-28 21:44:29 +00:00
irq.c arm64: irq: set the correct node for shadow call stack 2023-12-13 12:09:00 +00:00
jump_label.c asm-generic: introduce text-patching.h 2024-11-07 14:25:15 -08:00
kaslr.c arm64: kaslr: Use feature override instead of parsing the cmdline again 2024-02-16 12:42:31 +00:00
kexec_image.c kexec_file, arm64: print out debugging message if required 2023-12-20 15:02:57 -08:00
kgdb.c asm-generic: introduce text-patching.h 2024-11-07 14:25:15 -08:00
kuser32.S arm64: Update Documentation/arm references 2023-06-12 06:33:48 -06:00
machine_kexec_file.c arm64, crash: wrap crash dumping code into crash related ifdefs 2024-02-23 17:48:23 -08:00
machine_kexec.c arm64, crash: wrap crash dumping code into crash related ifdefs 2024-02-23 17:48:23 -08:00
Makefile arm64: Detect if in a realm and set RIPAS RAM 2024-10-23 10:19:32 +01:00
Makefile.syscalls syscalls: fix syscall macros for newfstat/newfstatat 2024-08-02 15:20:47 +02:00
module-plts.c Merge branch 'for-next/cpus_have_const_cap' into for-next/core 2023-10-26 17:10:18 +01:00
module.c arm64/scs: Fix handling of DWARF augmentation data in CIE/FDE frames 2024-11-08 16:37:55 +00:00
mte.c hugetlb: arm64: add mte support 2024-10-16 14:50:47 +01:00
paravirt.c arm64: paravirt: remove conduit check in has_pv_steal_clock 2022-11-09 18:11:56 +00:00
patching.c arm64: patching: avoid early page_to_phys() 2024-12-03 18:05:42 +00:00
pci.c arm64: PCI: Migrate ACPI related functions to pci-acpi.c 2024-08-27 15:48:34 +02:00
perf_callchain.c perf/core: Correct perf sampling with guest VMs 2024-11-14 10:40:01 +01:00
perf_regs.c perf: arm64: Add SVE vector granule register to user regs 2022-09-22 15:06:02 +01:00
pointer_auth.c arm64: move preemption disablement to prctl handlers 2021-07-28 18:33:49 +01:00
process.c Merge branch 'for-next/pkey-signal' into for-next/core 2024-11-14 12:07:30 +00:00
proton-pack.c arm64: errata: Unify speculative SSBS errata logic 2024-06-12 16:07:21 +01:00
psci.c arm64: psci: Ignore DENIED CPUs 2024-06-28 18:38:31 +01:00
ptrace.c arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL 2024-12-05 18:03:25 +00:00
reloc_test_core.c ARM64: reloc_test: add missing MODULE_DESCRIPTION() macro 2024-06-13 10:23:54 +01:00
reloc_test_syms.S arm64: kernel: Convert to modern annotations for assembly functions 2020-05-04 12:46:03 +01:00
relocate_kernel.S arm64: kexec: load from kimage prior to clobbering 2022-05-17 14:25:35 +01:00
return_address.c arm64: Make return_address() use arch_stack_walk() 2021-12-10 14:06:04 +00:00
rsi.c arm64: Enable memory encrypt for Realms 2024-10-23 10:19:33 +01:00
sdei.c arm64: sdei: abort running SDEI handlers during crash 2023-08-04 17:35:33 +01:00
setup.c Devicetree updates for v6.13: 2024-11-20 13:19:25 -08:00
signal32.c arm64: rework compat syscall macros 2024-07-10 14:23:38 +02:00
signal.c Merge branch 'for-next/pkey-signal' into for-next/core 2024-11-14 12:07:30 +00:00
sigreturn32.S arm64: rework compat syscall macros 2024-07-10 14:23:38 +02:00
sleep.S arm64: mm: Handle LVA support as a CPU feature 2024-02-16 12:42:36 +00:00
smccc-call.S arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint 2024-11-07 11:18:52 +00:00
smp_spin_table.c treewide: Drop function_nocfi 2022-09-26 10:13:14 -07:00
smp.c arm64 updates for 6.12 2024-09-16 06:55:07 +02:00
stacktrace.c arm64: stacktrace: unwind exception boundaries 2024-10-17 18:06:25 +01:00
suspend.c arm64/sme: Restore SME registers on exit from suspend 2024-02-20 12:19:15 +00:00
sys32.c arm64: convert unistd_32.h to syscall.tbl format 2024-07-10 14:23:38 +02:00
sys_compat.c arm64: Avoid cpus_have_const_cap() for ARM64_WORKAROUND_1542419 2023-10-16 14:17:06 +01:00
sys.c arm64: generate 64-bit syscall.tbl 2024-07-10 14:23:38 +02:00
syscall.c arm64: convert unistd_32.h to syscall.tbl format 2024-07-10 14:23:38 +02:00
time.c arm64: Make profile_pc() use arch_stack_walk() 2021-12-10 14:06:04 +00:00
topology.c arm64/amu: Use capacity_ref_freq() to set AMU ratio 2023-12-23 15:52:36 +01:00
trace-events-emulation.h tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
traps.c - The series "zram: optimal post-processing target selection" from 2024-11-23 09:58:07 -08:00
vdso32-wrap.S arm64: do not descend to vdso directories twice 2021-01-20 12:18:46 +00:00
vdso-wrap.S arm64: do not descend to vdso directories twice 2021-01-20 12:18:46 +00:00
vdso.c arm64: vdso: Use only one single vvar mapping 2024-11-02 12:37:33 +01:00
vmcore_info.c crash: split vmcoreinfo exporting code out from crash_core.c 2024-02-23 17:48:22 -08:00
vmlinux.lds.S arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG 2024-11-07 11:33:06 +00:00
watchdog_hld.c arm64: enable perf events based hard lockup detector 2023-06-09 17:44:22 -07:00