x86/ptrace: fix up botched merge of spectrev1 fix [Linux 4.4.191]

The Linux kernel change "x86/ptrace: fix up botched merge of spectrev1 fix" is included in the Linux 4.4.191 release. It was authored by Greg Kroah-Hartman <gregkh [at] linuxfoundation.org> on Wed Sep 4 12:27:18 2019 +0200. The commit for this change in the Linux stable tree is 61263fb (patch).

x86/ptrace: fix up botched merge of spectrev1 fix

I incorrectly merged commit 31a2fbb390fe ("x86/ptrace: Fix possible
spectre-v1 in ptrace_get_debugreg()") when backporting it, as was
graciously pointed out at
https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php

Resolve the upstream difference with the stable kernel merge to properly
protect things.

Reported-by: Brad Spengler <spender@grsecurity.net>
Cc: Dianzhang Chen <dianzhangchen0@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: <bp@alien8.de>
Cc: <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This change adds or deletes 3 lines of Linux source code. The code changes to the Linux kernel are as follows.

 arch/x86/kernel/ptrace.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 1ca9297..0b6d27d 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -698,11 +698,10 @@ static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n)
 {
    struct thread_struct *thread = &tsk->thread;
    unsigned long val = 0;
-   int index = n;

    if (n < HBP_NUM) {
+       int index = array_index_nospec(n, HBP_NUM);
        struct perf_event *bp = thread->ptrace_bps[index];
-       index = array_index_nospec(index, HBP_NUM);

        if (bp)
            val = bp->hw.info.address;
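
Review bot: In the `if (n < HBP_NUM)` block, `n` is still a signed `int` from the function signature and the guard has no lower bound, so a negative `n` passes the architectural check and reaches `array_index_nospec(n, HBP_NUM)`. The macro treats the index as unsigned and would clamp such a value to 0, so nothing is read out of bounds, but the function would then quietly return the address for slot 0 rather than reject the request. Either make the parameter unsigned or state in a comment that callers guarantee `n >= 0`. Separately, the ordering is now right: the clamped `index` is declared on the line before `thread->ptrace_bps[index]` and there is no unclamped copy of `n` left in scope for the load. Since the original backport got exactly this ordering wrong, a one-line comment above the declaration saying the clamp must precede the array access would help keep a later backport or refactor from separating them again.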
