lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 1 Feb 2017 14:12:13 -0800
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Lokesh Vutla <lokeshvutla@...com>
Cc:     Al Viro <viro@...iv.linux.org.uk>, <linux-kernel@...r.kernel.org>,
        Linux ARM Mailing List <linux-arm-kernel@...ts.infradead.org>,
        Tero Kristo <t-kristo@...com>, Sekhar Nori <nsekhar@...com>,
        Nishanth Menon <nm@...com>,
        Muralidharan Karicheri <m-karicheri2@...com>
Subject: Re: [PATCH v3] initramfs: finish fput() before accessing any binary
 from initramfs

On Wed, 1 Feb 2017 19:35:40 +0530 Lokesh Vutla <lokeshvutla@...com> wrote:

> commit 4a9d4b024a31 ("switch fput to task_work_add") implements a
> schedule_work() for completing fput(), but did not guarantee calling
> __fput() after unpacking initramfs. Because of this, there is a
> possibility that during boot a driver can see ETXTBSY when it tries
> to load a binary from initramfs as fput() is still pending on that
> binary. This patch makes sure that fput() is completed after unpacking
> initramfs and removes the call to flush_delayed_fput() in kernel_init()
> which happens very late after unpacking initramfs.

There's not really enough info here for others to be able to decide
which kernel versions need the fix.  How serious is the bug?  Given
that it's been there for 4 years, I assume "not very"?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ