Re: [PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()

* Eric Biggers wrote: > On Mon, Sep 25, 2017 at 08:14:45AM +0200, Ingo Molnar wrote: > > > > > > > > Could you please just send the delta patch against the whole tree to > > > > fix the bug? > > > > I'll worry about the patch dependencies and back-merge it to the proper > > > > place. > > >

Re: [PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()

On Mon, Sep 25, 2017 at 08:14:45AM +0200, Ingo Molnar wrote: > > > > > > Could you please just send the delta patch against the whole tree to fix > > > the bug? > > > I'll worry about the patch dependencies and back-merge it to the proper > > > place. > > > > > > > The following diff against

Re: [PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()

* Eric Biggers wrote: > On Sun, Sep 24, 2017 at 09:02:42PM +0200, Ingo Molnar wrote: > > > > * Eric Biggers wrote: > > > > > On Sun, Sep 24, 2017 at 12:59:06PM +0200, Ingo Molnar wrote: > > > > @@ -328,10 +331,8 @@ static int __fpu__restore_sig(void __user *buf, > > > > void __user *buf_fx,

Re: [PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()

* Eric Biggers wrote: > The following diff against tip/master fixes the bug. Note: we *could* check > 'use_xsave()' instead of 'state_size > offsetof(struct xregs_state, header)', > but that might be confusing in the case where we couldn't find the xstate > information in the memory layout and

Re: [PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()

On Sun, Sep 24, 2017 at 09:02:42PM +0200, Ingo Molnar wrote: > > * Eric Biggers wrote: > > > On Sun, Sep 24, 2017 at 12:59:06PM +0200, Ingo Molnar wrote: > > > @@ -328,10 +331,8 @@ static int __fpu__restore_sig(void __user *buf, void > > > __user *buf_fx, int size) > > > err =

Re: [PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()

* Eric Biggers wrote: > On Sun, Sep 24, 2017 at 12:59:06PM +0200, Ingo Molnar wrote: > > @@ -328,10 +331,8 @@ static int __fpu__restore_sig(void __user *buf, void > > __user *buf_fx, int size) > > err = copy_user_to_xstate(&fpu->state.xsave, buf_fx); > > } else {

Re: [PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()

On Sun, Sep 24, 2017 at 12:59:06PM +0200, Ingo Molnar wrote: > @@ -328,10 +331,8 @@ static int __fpu__restore_sig(void __user *buf, void > __user *buf_fx, int size) > err = copy_user_to_xstate(&fpu->state.xsave, buf_fx); > } else { > err =

[PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()

From: Eric Biggers Tighten the checks in sanitize_restored_xstate(). Signed-off-by: Eric Biggers Cc: Andy Lutomirski Cc: Dave Hansen Cc: Dmitry Vyukov Cc: Fenghua Yu Cc: Kees Cook Cc: Kevin Hao Cc: Linus Torvalds Cc: Michael Halcrow Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Rie