spectre-meltdown-checker

add CVE-2019-15902

Open · asarubbo opened this issue 5 years ago · 1 comment

https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php

asarubbo · Sep 09 '19 09:09

This CVE points out a bad backport of a fix on stable kernels; the diff fixing it is as follows:

diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 1ca929767a1b..0b6d27dfc234 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -698,11 +698,10 @@ static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n)
 {
        struct thread_struct *thread = &tsk->thread;
        unsigned long val = 0;
-       int index = n;

        if (n < HBP_NUM) {
+               int index = array_index_nospec(n, HBP_NUM);
                struct perf_event *bp = thread->ptrace_bps[index];
-               index = array_index_nospec(index, HBP_NUM);

                if (bp)
                        val = bp->hw.info.address;
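Review bot: The ordering is the entire point of this hunk, and it is worth a comment in the code so a future backport cannot reintroduce the bug: in the removed lines `thread->ptrace_bps[index]` is loaded before `index = array_index_nospec(index, HBP_NUM);` runs, so the clamp is applied after the speculative out-of-bounds load it is meant to prevent and has no effect; the added `int index = array_index_nospec(n, HBP_NUM);` computes the clamped index first and only then indexes the array, which is the correct order. Moving the declaration into the `if (n < HBP_NUM)` block is also a good choice, since any use of `index` elsewhere in the function (not visible in this hunk) would now fail to compile rather than silently use the unclamped value. Suggest a one-line comment above the access, e.g. `/* clamp n before the array load; the barrier must precede the access */`, so the dependency is explicit to anyone rearranging these lines again.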

It's going to be almost impossible to detect it on a running kernel, unfortunately.

Keeping this open just for information.

speed47 · Sep 22 '19 14:09