From: Al Viro Date: Thu, 15 Sep 2016 01:35:29 +0000 (+0100) Subject: fix minor infoleak in get_user_ex() X-Git-Tag: firefly_0821_release~176^2~4^2~28^2~29 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9d25c78ec01c402dc56272693c44ef9d72ecdd2e;p=firefly-linux-kernel-4.4.55.git fix minor infoleak in get_user_ex() commit 1c109fabbd51863475cd12ac206bdd249aee35af upstream. get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak (at most we are leaking uninitialized 64bit value off the kernel stack, and in a fairly constrained situation, at that), but the fix is trivial, so... Signed-off-by: Al Viro [ This sat in different branch from the uaccess fixes since mid-August ] Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h index 09b1b0ab94b7..d42252ce9b4d 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -394,7 +394,11 @@ do { \ #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ asm volatile("1: mov"itype" %1,%"rtype"0\n" \ "2:\n" \ - _ASM_EXTABLE_EX(1b, 2b) \ + ".section .fixup,\"ax\"\n" \ + "3:xor"itype" %"rtype"0,%"rtype"0\n" \ + " jmp 2b\n" \ + ".previous\n" \ + _ASM_EXTABLE_EX(1b, 3b) \ : ltype(x) : "m" (__m(addr))) #define __put_user_nocheck(x, ptr, size) \