author | Borislav Petkov <bp@suse.de> | 2021-12-17 16:49:25 +0100 |
---|---|---|
committer | Borislav Petkov <bp@suse.de> | 2021-12-20 11:41:02 +0100 |
commit | 1acd85feba81084fcef00b73fc1601e42b77c5d8 (patch) | |
tree | f5a39a5f3974870a599097ff5650c56b28919571 /arch | |
parent | x86/mce: Mark mce_start() noinstr (diff) | |
x86/mce: Check regs before accessing it
Commit in Fixes accesses pt_regs before checking whether it is NULL or
not. Make sure the NULL pointer check happens first.
Fixes: 0a5b288e85bb ("x86/mce: Prevent severity computation from being instrumented")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Link: https://lore.kernel.org/r/20211217102029.GA29708@kili
Diffstat (limited to 'arch')
-rw-r--r-- | arch/x86/kernel/cpu/mce/severity.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c
index a32646769705..7aa2bda93cbb 100644
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -222,6 +222,9 @@ static bool is_copy_from_user(struct pt_regs *regs)
 struct insn insn;
 int ret;
 
+ if (!regs)
+ return false;
+
 if (copy_from_kernel_nofault(insn_buf, (void *)regs->ip, MAX_INSN_SIZE))
 return false;
 
@@ -283,7 +286,7 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs)
 switch (fixup_type) {
 case EX_TYPE_UACCESS:
 case EX_TYPE_COPY:
- if (!regs || !copy_user)
+ if (!copy_user)
 return IN_KERNEL;
 m->kflags |= MCE_IN_KERNEL_COPYIN;
 fallthrough;
|
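Review bot: The new `if (!regs)` guard in is_copy_from_user() makes a NULL `pt_regs` part of the function's contract, but nothing at the definition says so. A short comment above the function, for example `/* regs may be NULL; report "not a copy from user" in that case. */`, would keep a later cleanup from dropping the check. Without the check, the `regs->ip` argument on the following line becomes a NULL dereference in the machine-check path. The rest of the function body lies outside the hunk.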
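Review bot: With `!regs` removed from the `EX_TYPE_UACCESS`/`EX_TYPE_COPY` case, the NULL safety of this branch rests entirely on `copy_user` being false whenever `regs` is NULL, and that coupling is not visible at the `if (!copy_user)` line. `copy_user` is assigned outside the hunk, presumably from is_copy_from_user(regs), so a comment such as `/* copy_user is false when regs is NULL, see is_copy_from_user() */` would record the dependency. It is also worth confirming that no other path in error_context() reads through `regs` unchecked, since the remainder of the function is not shown here.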