On Mon, Sep 03, 2018 at 04:32:48PM +0200, Jann Horn wrote:
commit 342db04ae71273322f0011384a9ed414df8bdae4 upstream.
show_opcodes() is used both for dumping kernel instructions and for dumping user instructions. If userspace causes #PF by jumping to a kernel address, show_opcodes() can be reached with regs->ip controlled by the user, pointing to kernel code. Make sure that userspace can't trick us into dumping kernel memory into dmesg.
Manually backported: show_opcodes() has changed a bit in the meantime. I have manually tested the backport.
Fixes: 7cccf0725cf7 ("x86/dumpstack: Add a show_ip() function")
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180828154901.112726-1-jannh@google.com
Signed-off-by: Jann Horn <jannh@google.com>
Since I manually backported this, I have removed all other sign-off/reviewed-by lines. I hope that's correct?
Yes, that's fine, but I added them back as this wasn't that different of a backport :)
Thanks for the patch, now queued up.
greg k-h
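
The check the commit message describes, modeled in user-space C as an added example; it is not the kernel patch or code from this thread. The address limit, window sizes and function names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values for this model (assumptions, not taken from the patch). */
#define MODEL_USER_LIMIT   0x00007ffffffff000ULL /* assumed top of user space */
#define MODEL_OPCODE_BYTES 64u                   /* size of the dumped window */
#define MODEL_PROLOGUE     42u                   /* bytes dumped before ip */

/* True when [addr, addr + size) is not entirely below limit, wrap included. */
static bool range_not_ok(uint64_t addr, uint64_t size, uint64_t limit)
{
    if (size > limit)
        return true;
    return addr > limit - size;
}

/*
 * Decide whether the bytes around ip may be copied into the log.
 * from_user means the fault came from user mode, so ip is user-chosen
 * and the whole window must lie in user address space.
 */
static bool may_dump_opcodes(bool from_user, uint64_t ip)
{
    if (!from_user)
        return true;              /* kernel fault: kernel text is expected */
    if (ip < MODEL_PROLOGUE)
        return false;             /* window would wrap below address 0 */
    return !range_not_ok(ip - MODEL_PROLOGUE, MODEL_OPCODE_BYTES,
                         MODEL_USER_LIMIT);
}

int main(void)
{
    /* Constructed sample addresses. */
    const uint64_t user_ip = 0x0000000000400000ULL;
    const uint64_t kernel_ip = 0xffffffff81000000ULL;

    printf("user fault, user ip %#llx: dump=%d\n",
           (unsigned long long)user_ip, may_dump_opcodes(true, user_ip));
    printf("user fault, kernel ip %#llx: dump=%d\n",
           (unsigned long long)kernel_ip, may_dump_opcodes(true, kernel_ip));
    printf("kernel fault, kernel ip %#llx: dump=%d\n",
           (unsigned long long)kernel_ip, may_dump_opcodes(false, kernel_ip));
    return 0;
}
```
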