diff options
| author | Maciej W. Rozycki <macro@imgtec.com> | 2016-03-03 20:42:49 -0500 |
|---|---|---|
| committer | Ralf Baechle <ralf@linux-mips.org> | 2016-03-04 16:52:32 -0500 |
| commit | e723e3f7f9591b79e8c56b3d7c5a204a9c571b55 (patch) | |
| tree | 24f595ea619d1febe04a97e97ea8536bdb11ed92 | |
| parent | 887349f69f37e71e2a8bfbd743831625a0b2ff51 (diff) | |
MIPS: traps: Fix SIGFPE information leak from `do_ov' and `do_trap_or_bp'
Avoid sending a partially initialised `siginfo_t' structure along SIGFPE
signals issued from `do_ov' and `do_trap_or_bp', leading to information
leaking from the kernel stack.
Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
Cc: stable@vger.kernel.org
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| -rw-r--r-- | arch/mips/kernel/traps.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c index ae790c575d4f..bf14da9f3e33 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c | |||
| @@ -690,15 +690,15 @@ static int simulate_sync(struct pt_regs *regs, unsigned int opcode) | |||
| 690 | asmlinkage void do_ov(struct pt_regs *regs) | 690 | asmlinkage void do_ov(struct pt_regs *regs) |
| 691 | { | 691 | { |
| 692 | enum ctx_state prev_state; | 692 | enum ctx_state prev_state; |
| 693 | siginfo_t info; | 693 | siginfo_t info = { |
| 694 | .si_signo = SIGFPE, | ||
| 695 | .si_code = FPE_INTOVF, | ||
| 696 | .si_addr = (void __user *)regs->cp0_epc, | ||
| 697 | }; | ||
| 694 | 698 | ||
| 695 | prev_state = exception_enter(); | 699 | prev_state = exception_enter(); |
| 696 | die_if_kernel("Integer overflow", regs); | 700 | die_if_kernel("Integer overflow", regs); |
| 697 | 701 | ||
| 698 | info.si_code = FPE_INTOVF; | ||
| 699 | info.si_signo = SIGFPE; | ||
| 700 | info.si_errno = 0; | ||
| 701 | info.si_addr = (void __user *) regs->cp0_epc; | ||
| 702 | force_sig_info(SIGFPE, &info, current); | 702 | force_sig_info(SIGFPE, &info, current); |
| 703 | exception_exit(prev_state); | 703 | exception_exit(prev_state); |
| 704 | } | 704 | } |
| @@ -874,7 +874,7 @@ out: | |||
| 874 | void do_trap_or_bp(struct pt_regs *regs, unsigned int code, | 874 | void do_trap_or_bp(struct pt_regs *regs, unsigned int code, |
| 875 | const char *str) | 875 | const char *str) |
| 876 | { | 876 | { |
| 877 | siginfo_t info; | 877 | siginfo_t info = { 0 }; |
| 878 | char b[40]; | 878 | char b[40]; |
| 879 | 879 | ||
| 880 | #ifdef CONFIG_KGDB_LOW_LEVEL_TRAP | 880 | #ifdef CONFIG_KGDB_LOW_LEVEL_TRAP |
| @@ -903,7 +903,6 @@ void do_trap_or_bp(struct pt_regs *regs, unsigned int code, | |||
| 903 | else | 903 | else |
| 904 | info.si_code = FPE_INTOVF; | 904 | info.si_code = FPE_INTOVF; |
| 905 | info.si_signo = SIGFPE; | 905 | info.si_signo = SIGFPE; |
| 906 | info.si_errno = 0; | ||
| 907 | info.si_addr = (void __user *) regs->cp0_epc; | 906 | info.si_addr = (void __user *) regs->cp0_epc; |
| 908 | force_sig_info(SIGFPE, &info, current); | 907 | force_sig_info(SIGFPE, &info, current); |
| 909 | break; | 908 | break; |