linux/arch/s390
Jarod Wilson 3d6e48f433 [S390] CVE-2008-1514: prevent ptrace padding area read/write in 31-bit mode
When running a 31-bit ptrace, on either an s390 or s390x kernel,
reads and writes into a padding area in struct user_regs_struct32
will result in a kernel panic.

This is also known as CVE-2008-1514.

Test case available here:
http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/user-area-padding.c?cvsroot=systemtap

Steps to reproduce:
1) wget the above
2) gcc -o user-area-padding-31bit user-area-padding.c -Wall -ggdb2 -D_GNU_SOURCE -m31
3) ./user-area-padding-31bit
<panic>

Test status
-----------
Without patch, both s390 and s390x kernels panic. With patch, the test case,
as well as the gdb testsuite, pass without incident, padding area reads
returning zero, writes ignored.

Nb: original version returned -EINVAL on write attempts, which broke the
gdb test and made the test case slightly unhappy, Jan Kratochvil suggested
the change to return 0 on write attempts.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Tested-by: Jan Kratochvil <jan.kratochvil@redhat.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2008-09-09 12:39:06 +02:00
..
appldata Merge branch 'generic-ipi' into generic-ipi-for-linus 2008-07-15 21:55:59 +02:00
boot
crypto Merge branch 'bkl-removal' of git://git.lwn.net/linux-2.6 2008-07-14 14:48:31 -07:00
hypfs
include/asm [S390] fix ext2_find_next_bit 2008-08-21 19:46:41 +02:00
kernel [S390] CVE-2008-1514: prevent ptrace padding area read/write in 31-bit mode 2008-09-09 12:39:06 +02:00
kvm KVM: s390: Fix kvm on IBM System z10 2008-07-31 11:57:18 +03:00
lib [S390] nohz/sclp: disable timer on synchronous waits. 2008-08-01 16:39:30 +02:00
math-emu
mm [S390] Add support for memory hot-remove. 2008-08-01 16:39:33 +02:00
oprofile
defconfig [S390] Update default configuration. 2008-08-21 19:46:42 +02:00
Kconfig [S390] Add support for memory hot-remove. 2008-08-01 16:39:33 +02:00
Kconfig.debug
Makefile