kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #187223
[Bug 1597971] [NEW] kernel: signal return with invalid floating-point control
Public bug reported:
Please backport:
commit bcf4dd5f9ee096bd1510f838dd4750c35df4e38b
Author: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>
Date: Mon Jun 27 17:06:45 2016 +0200
s390: fix test_fp_ctl inline assembly contraints
The test_fp_ctl function is used to test if a given value is a valid
floating-point control. The inline assembly in test_fp_ctl uses an
incorrect constraint for the 'orig_fpc' variable. If the compiler
chooses the same register for 'fpc' and 'orig_fpc' the test_fp_ctl()
function always returns true. This allows user space to trigger
kernel oopses with invalid floating-point control values on the
signal stack.
This problem has been introduced with git commit 4725c86055f5bbdcdf
"s390: fix save and restore of the floating-point-control register"
Cc: stable@xxxxxxxxxxxxxxx # v3.13+
Reviewed-by: Heiko Carstens <heiko.carstens@xxxxxxxxxx>
Signed-off-by: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-143266 severity-high targetmilestone-inin1604
** Tags added: architecture-s39064 bugnameltc-143266 severity-high
targetmilestone-inin1604
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1597971
Title:
kernel: signal return with invalid floating-point control
Status in linux package in Ubuntu:
New
Bug description:
Please backport:
commit bcf4dd5f9ee096bd1510f838dd4750c35df4e38b
Author: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>
Date: Mon Jun 27 17:06:45 2016 +0200
s390: fix test_fp_ctl inline assembly contraints
The test_fp_ctl function is used to test if a given value is a valid
floating-point control. The inline assembly in test_fp_ctl uses an
incorrect constraint for the 'orig_fpc' variable. If the compiler
chooses the same register for 'fpc' and 'orig_fpc' the test_fp_ctl()
function always returns true. This allows user space to trigger
kernel oopses with invalid floating-point control values on the
signal stack.
This problem has been introduced with git commit 4725c86055f5bbdcdf
"s390: fix save and restore of the floating-point-control register"
Cc: stable@xxxxxxxxxxxxxxx # v3.13+
Reviewed-by: Heiko Carstens <heiko.carstens@xxxxxxxxxx>
Signed-off-by: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1597971/+subscriptions
Follow ups