ACK: [PATCH 0/1][SRU][X] Bad posix clock speculation mitigation backport (LP: #1847189)

Andrea Righi andrea.righi at canonical.com
Tue Oct 8 09:17:39 UTC 2019


On Tue, Oct 08, 2019 at 06:10:14AM +0000, Tyler Hicks wrote:
> BugLink: https://launchpad.net/bugs/1847189
> 
> [Impact]
> 
> Vitaly Nikolenko pointed out that syscall(__NR_clock_gettime, 10, 0) can
> be used to perform a denial of service (system crash) or possibly
> execute arbitrary code in the Ubuntu Xenial kernel:
> 
>   https://twitter.com/vnik5287/status/1180666151216435200
> 
> [Test Case]
> 
> Execute the following test program and verify that it prints out
> "clock_gettime: Invalid argument" rather than triggering a NULL pointer
> dereference and stack trace in the kernel logs.
> 
> ==========
> #include <stdio.h>
> #include <time.h>
> 
> int main(void)
> {
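>         /* Clock id 10 with a NULL timespec pointer, as in [Impact] above. */
>         int rc = clock_gettime(10, 0);
> 
>         /* A fixed kernel fails the call; perror() then prints the errno text. */
>         if (rc < 0)
>                 perror("clock_gettime");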
> 
>         return rc;
> }
> ==========
> 
> [Regression Potential]
> 
> Low. The fix is easy to review and fixes a denial of service issue
> that's trivial to trigger.
> 
> Tyler
> 
> Tyler Hicks (1):
>   UBUNTU: SAUCE: Fix posix clock speculation mitigation backport
> 
>  kernel/time/posix-timers.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)

The fix makes sense to me.

Acked-by: Andrea Righi <andrea.righi at canonical.com>


