evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/arch
History
Jiri Olsa a89b6e355d s390/syscalls: Fix out of bounds arguments access 
commit c46fc0424ced3fb71208e72bd597d91b9169a781 upstream.

Zorro reported following crash while having enabled
syscall tracing (CONFIG_FTRACE_SYSCALLS):

  Unable to handle kernel pointer dereference at virtual ...
  Oops: 0011 [#1] SMP DEBUG_PAGEALLOC

  SNIP

  Call Trace:
  ([<000000000024d79c>] ftrace_syscall_enter+0xec/0x1d8)
   [<00000000001099c6>] do_syscall_trace_enter+0x236/0x2f8
   [<0000000000730f1c>] sysc_tracesys+0x1a/0x32
   [<000003fffcf946a2>] 0x3fffcf946a2
  INFO: lockdep is turned off.
  Last Breaking-Event-Address:
   [<000000000022dd44>] rb_event_data+0x34/0x40
  ---[ end trace 8c795f86b1b3f7b9 ]---

The crash happens in syscall_get_arguments function for
syscalls with zero arguments, that will try to access
first argument (args[0]) in event entry, but it's not
allocated.

Bail out of there are no arguments.

Reported-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-27 15:06:06 -07:00
..
alpha osf_wait4(): fix infoleak 2017-05-25 14:30:17 +02:00
arc mm: larger stack guard gap, between vmas 2017-06-26 07:13:11 +02:00
arm arm: move ELF_ET_DYN_BASE to 4MB 2017-07-21 07:44:57 +02:00
arm64 arm64: move ELF_ET_DYN_BASE to 4GB / 4MB 2017-07-21 07:44:57 +02:00
avr32 avr32: off by one in at32_init_pio() 2016-10-07 15:23:45 +02:00
blackfin net: smc91x: fix SMC accesses 2016-09-30 10:18:37 +02:00
c6x c6x/ptrace: Remove useless PTRACE_SETREGSET implementation 2017-03-31 09:49:53 +02:00
cris cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected 2017-01-12 11:22:48 +01:00
frv mm: larger stack guard gap, between vmas 2017-06-26 07:13:11 +02:00
h8300 h8300/ptrace: Fix incorrect register transfer count 2017-03-31 09:49:53 +02:00
hexagon hexagon: fix strncpy_from_user() error return 2016-09-24 10:07:44 +02:00
ia64 ia64: copy_from_user() should zero the destination on access_ok() failure 2016-09-24 10:07:46 +02:00
m32r m32r: fix __get_user() 2016-09-24 10:07:43 +02:00
m68k m68k: Fix ndelay() macro 2016-12-15 08:49:23 -08:00
metag metag/uaccess: Check access_ok in strncpy_from_user 2017-05-25 14:30:16 +02:00
microblaze microblaze: fix copy_from_user() 2016-09-24 10:07:43 +02:00
mips MIPS: ralink: fix MT7628 wled_an pinmux gpio 2017-07-05 14:37:17 +02:00
mn10300 mn10300: copy_from_user() should zero on access_ok() failure... 2016-09-24 10:07:45 +02:00
nios2 nios2: reserve boot memory for device tree 2017-04-12 12:38:34 +02:00
openrisc openrisc: fix the fix of copy_from_user() 2016-09-24 10:07:46 +02:00
parisc parisc/mm: Ensure IRQs are off in switch_mm() 2017-07-21 07:44:56 +02:00
powerpc powerpc/asm: Mark cr0 as clobbered in mftb() 2017-07-27 15:06:05 -07:00
s390 s390/syscalls: Fix out of bounds arguments access 2017-07-27 15:06:06 -07:00
score score: fix copy_from_user() and friends 2016-09-24 10:07:44 +02:00
sh mm: larger stack guard gap, between vmas 2017-06-26 07:13:11 +02:00
sparc mm: larger stack guard gap, between vmas 2017-06-26 07:13:11 +02:00
tile mm: larger stack guard gap, between vmas 2017-06-26 07:13:11 +02:00
um um: Don't discard .text.exit section 2016-09-07 08:32:38 +02:00
unicore32 pwm: Changes for v4.4-rc1 2015-11-11 09:16:10 -08:00
x86 x86/xen: allow userspace access during hypercalls 2017-07-27 15:06:06 -07:00
xtensa mm: larger stack guard gap, between vmas 2017-06-26 07:13:11 +02:00
.gitignore
Kconfig