proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-12-04 20:48:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e6ac77ab78
mirror_ubuntu-kernels/arch/x86/kernel/cpu/mce
History
Zhang Zixun de768416b2 x86/mce/inject: Avoid out-of-bounds write when setting flags 
A contrived zero-length write, for example, by using write(2):

  ...
  ret = write(fd, str, 0);
  ...

to the "flags" file causes:

  BUG: KASAN: stack-out-of-bounds in flags_write
  Write of size 1 at addr ffff888019be7ddf by task writefile/3787

  CPU: 4 PID: 3787 Comm: writefile Not tainted 5.16.0-rc7+ #12
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014

due to accessing buf one char before its start.

Prevent such out-of-bounds access.

  [ bp: Productize into a proper patch. Link below is the next best
    thing because the original mail didn't get archived on lore. ]

Fixes: 0451d14d05 ("EDAC, mce_amd_inj: Modify flags attribute to use string arguments")
Signed-off-by: Zhang Zixun <zhang133010@icloud.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/linux-edac/YcnePfF1OOqoQwrX@zn.tnic/
2021-12-28 11:45:36 +01:00
..
amd.c x86/MCE/AMD, EDAC/mce_amd: Support non-uniform MCA bank type enumeration 2021-12-22 17:22:09 +01:00
apei.c x86/mce: Include a MCi_MISC value in faked mce logs 2021-05-28 16:57:16 +02:00
core.c x86/mce: Mark mce_start() noinstr 2021-12-13 14:14:05 +01:00
dev-mcelog.c x86/mce/dev-mcelog: Do not update kflags on AMD systems 2020-09-15 10:04:51 +02:00
genpool.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 437 2019-06-05 17:37:17 +02:00
inject.c x86/mce/inject: Avoid out-of-bounds write when setting flags 2021-12-28 11:45:36 +01:00
intel.c x86/mce: Add errata workaround for Skylake SKX37 2021-11-12 11:43:35 -08:00
internal.h x86/mce: Use mce_rdmsrl() in severity checking code 2021-12-13 14:12:08 +01:00
Makefile thermal: Move therm_throt there from x86/mce 2021-02-08 11:43:20 +01:00
p5.c x86/mce: Get rid of machine_check_vector 2021-09-23 11:15:49 +02:00
severity.c x86/mce: Check regs before accessing it 2021-12-20 11:41:02 +01:00
threshold.c x86/entry: Convert various system vectors 2020-06-11 15:15:14 +02:00
winchip.c x86/mce: Get rid of machine_check_vector 2021-09-23 11:15:49 +02:00