| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Feb 2007 17:58:01 -0800 From: Andrew Morton <akpm@...l.org> To: Nick Piggin <npiggin@...e.de> Cc: Linux Kernel <linux-kernel@...r.kernel.org>, Linux Filesystems <linux-fsdevel@...r.kernel.org>, Linux Memory Management <linux-mm@...ck.org> Subject: Re: [patch 1/9] fs: libfs buffered write leak fix On Sat, 3 Feb 2007 02:33:16 +0100 Nick Piggin <npiggin@...e.de> wrote: > > > =================================================================== > > > --- linux-2.6.orig/fs/buffer.c > > > +++ linux-2.6/fs/buffer.c > > > @@ -2344,6 +2344,8 @@ int nobh_prepare_write(struct page *page > > > > > > if (is_mapped_to_disk) > > > SetPageMappedToDisk(page); > > > + > > > + /* XXX: information leak vs read(2) */ > > > SetPageUptodate(page); > > > > > > /* > > > > That comment is too terse to be useful. > > OK, similar problem here - we have brought all the buffers uptodate > that we are *not* going to write over, or partially write over, but > we can have an uninitialised hole over the region we want to write. > > I think just setting page uptodate in commit_write might do the > trick? (and getting rid of the set_page_dirty there). Yes, the page just isn't uptodate yet in prepare_write() - moving things to commti_write() sounds sane. But please, can we have sufficient changelogs and comments in the next version? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists