Re: [PATCH 2/2] x86: ia32_signal: remove unnecessary padding

From: Mikael Pettersson
Date: Thu Nov 13 2008 - 03:47:09 EST


H. Peter Anvin writes:
> Hiroshi Shimamoto wrote:
> > H. Peter Anvin wrote:
> >> Mikael Pettersson wrote:
> >>> It does cause each signal delivery to leak 2 uninitialised
> >>> kernel bytes to the end of retcode[], which seems unnecessary.
> >> Not just unnecessary, it is a huge no-no for security.
> >
> > Am I missing an important thing?
> > The frame->retcode is 8 bytes and the packed structure with padding
> > is 10 bytes each, and only 8 bytes of the code are copied to the user stack.
> >
> > err |= __copy_to_user(frame->retcode, &code, 8);
> >
> > I don't think the behavior is changed.
> >
>
> Ah, never mind, then. Then it's fine, obviously.

Agreed. I wonder how on earth those templates ended
up as 10 bytes large when retcode[] always has been
8 bytes.
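
The size argument made in the thread, as an added example that is not code from the patch or the kernel: a 10-byte packed template copied into an 8-byte retcode[] exposes the 2 padding bytes only if the copy length follows sizeof(template) rather than the fixed 8. The struct layouts, field names, marker values and the helper stale_bytes_exposed() are assumptions made for illustration, and memcpy stands in for __copy_to_user.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RETCODE_LEN 8    /* size of frame->retcode, per the thread */
#define POISON 0xAA      /* constructed: user bytes the copy never touched */
#define STALE  0x5A      /* constructed: stands in for uninitialised kernel stack */

/* Hypothetical packed template with trailing padding (layout is an assumption). */
struct code_template {
    uint16_t op_a;
    uint32_t imm;
    uint16_t op_b;
    uint16_t pad;
} __attribute__((packed));

_Static_assert(sizeof(struct code_template) == 10, "template must be 10 bytes");

/* Hypothetical user-visible frame: retcode[] followed by adjacent data. */
struct user_frame {
    uint8_t retcode[RETCODE_LEN];
    uint8_t after[4];
};

/* Copies copy_len bytes of the template to retcode's offset (memcpy stands in
 * for __copy_to_user) and returns how many bytes past retcode[] were written. */
size_t stale_bytes_exposed(size_t copy_len)
{
    struct code_template code;
    uint8_t user[sizeof(struct user_frame)];
    size_t i, exposed = 0;

    if (copy_len > sizeof(code))
        copy_len = sizeof(code);
    memset(&code, STALE, sizeof(code));   /* pad is never assigned below */
    code.op_a = 0x1111;                   /* constructed sample values */
    code.imm  = 0x22222222;
    code.op_b = 0x3333;

    memset(user, POISON, sizeof(user));
    memcpy(user + offsetof(struct user_frame, retcode), &code, copy_len);
    for (i = RETCODE_LEN; i < sizeof(user); i++)
        if (user[i] != POISON)
            exposed++;
    return exposed;
}
```

A `_Static_assert` that the template size equals `RETCODE_LEN` would catch this kind of mismatch at build time instead of relying on the hard-coded copy length.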