TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v4.19.68
twx-linux/arch/x86/lib
T
History
Jann Horn b598ddc7b9 x86/insn-eval: Fix use-after-free access to LDT entry 
commit de9f869616 upstream.

get_desc() computes a pointer into the LDT while holding a lock that
protects the LDT from being freed, but then drops the lock and returns the
(now potentially dangling) pointer to its caller.

Fix it by giving the caller a copy of the LDT entry instead.

Fixes: 670f928ba0 ("x86/insn-eval: Add utility function to get segment descriptor")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-11 12:20:52 +02:00
..
.gitignore
atomic64_32.c
atomic64_386_32.S
atomic64_cx8_32.S
cache-smp.c
checksum_32.S
x86/retpoline/checksum32: Convert assembler indirect jumps
2018-01-12 00:14:31 +01:00
clear_page_64.S
x86/asm: Trim clear_page.S includes
2018-02-13 17:37:07 +01:00
cmdline.c
cmpxchg8b_emu.S
cmpxchg16b_emu.S
copy_page_64.S
copy_user_64.S
cpu.c
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
2018-02-15 01:15:52 +01:00
csum-copy_64.S
csum-partial_64.c
csum-wrappers_64.c
delay.c
Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2018-01-30 13:01:09 -08:00
error-inject.c
x86/error_inject: Make just_return_func() globally visible
2018-02-13 14:33:35 +01:00
getuser.S
x86/get_user: Use pointer masking to limit speculation
2018-01-30 21:54:31 +01:00
hweight.S
inat.c
insn-eval.c
x86/insn-eval: Fix use-after-free access to LDT entry
2019-06-11 12:20:52 +02:00
insn.c
iomap_copy_64.S
kaslr.c
x86/kaslr: Fix incorrect i8254 outb() parameters
2019-01-31 08:14:39 +01:00
Makefile
x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
2019-05-25 18:23:45 +02:00
memcpy_32.c
memcpy_64.S
x86/uaccess: Fix up the fixup
2019-05-31 06:46:27 -07:00
memmove_64.S
memset_64.S
misc.c
mmx_32.c
msr-reg-export.c
msr-reg.S
msr-smp.c
x86/msr: Make rdmsrl_safe_on_cpu() scheduling safe as well
2018-03-28 10:34:13 +02:00
msr.c
putuser.S
retpoline.S
Revert "x86/retpoline: Simplify vmexit_fill_RSB()"
2018-02-20 09:38:26 +01:00
rwsem.S
string_32.c
strstr_32.c
usercopy_32.c
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
2018-01-30 21:54:31 +01:00
usercopy_64.c
Merge branch 'x86-dax-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2018-06-04 19:23:13 -07:00
usercopy.c
x86/nmi: Fix NMI uaccess race against CR3 switching
2018-08-31 17:08:22 +02:00
x86-opcode-map.txt
x86/decoder: Fix and update the opcodes map
2017-12-15 13:45:20 +01:00