Re: [PATCH] x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task

From: Eric Dumazet
Date: Fri Aug 14 2020 - 15:12:56 EST

Next message: Yazen Ghannam: "[PATCH 0/2] AMD MCA Address Translation Updates"
Previous message: Andy Lutomirski: "Re: [PATCH] x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task"
In reply to: Andy Lutomirski: "Re: [PATCH] x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task"
Next in thread: Jann Horn: "Re: [PATCH] x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 14, 2020 at 12:03 PM Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
>
>
> > On Aug 14, 2020, at 11:16 AM, Eric Dumazet <edumazet@xxxxxxxxxx> wrote:
> >
> > syzbot found its way in 86_fsgsbase_read_task() [1]
> >
> > Fix is to make sure ldt pointer is not NULL
>
> Acked-by: Andy Lutomirski <luto@xxxxxxxxxx>
>
> Maybe add something like this to the changelog:
>
> This can happen if ptrace() or sigreturn() pokes an LDT selector into FS or GS for a task with no LDT and something tries to read the base before a return to usermode notices the bad selector and fixes it.
>
> I’ll see if I can whip up a test case too.
>

Jann has a repro if needed (and syzbot also had one)

Next message: Yazen Ghannam: "[PATCH 0/2] AMD MCA Address Translation Updates"
Previous message: Andy Lutomirski: "Re: [PATCH] x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task"
In reply to: Andy Lutomirski: "Re: [PATCH] x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task"
Next in thread: Jann Horn: "Re: [PATCH] x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]