On Fri, Aug 14, 2020 at 12:03 PM Andy Lutomirski <l...@amacapital.net> wrote:
>
>
>
> > On Aug 14, 2020, at 11:16 AM, Eric Dumazet <eduma...@google.com> wrote:
> >
> > syzbot found its way in 86_fsgsbase_read_task() [1]
> >
> > Fix is to make sure ldt pointer is not NULL
>
> Acked-by: Andy Lutomirski <l...@kernel.org>
>
> Maybe add something like this to the changelog:
>
> This can happen if ptrace() or sigreturn() pokes an LDT selector into FS or
> GS for a task with no LDT and something tries to read the base before a
> return to usermode notices the bad selector and fixes it.
>
> I’ll see if I can whip up a test case too.
>
Jann has a repro if needed (and syzbot also had one)