lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 14 Feb 2008 13:46:42 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Thomas Gleixner <tglx@...utronix.de>
Cc:	adrian.bunk@...ial.fi, mingo@...e.hu, linux-kernel@...r.kernel.org,
	riku.voipio@...ial.fi, mikpe@...uu.se, buytenh@...tstofly.org,
	rusty@...tcorp.com.au, stable@...nel.org
Subject: Re: futex local DoS on most architectures

On Mon, 11 Feb 2008 14:59:34 +0100 (CET)
Thomas Gleixner <tglx@...utronix.de> wrote:

> On Mon, 11 Feb 2008, Adrian Bunk wrote:
> 
> > The issue described in [1] is still present and unfixed (and even the 
> > fix there wasn't complete since it didn't cover SMP).
> 
> Damn, this slipped through my attention completely. Hotfix (which can
> be easily backported) below.
>  
> > Thanks to Riku Voipio for noting that it is still unfixed.
> > 
> > cu
> > Adrian
> > 
> > [1] http://lkml.org/lkml/2007/8/1/474
> 
> -------->
> 
> Subject: futex: disable PI/robust on archs w/o valid implementation
> From: Thomas Gleixner <tglx@...utronix.de>
> 
> We have to disable the complete PI/robust functionality for those
> archs, which do not implement futex_atomic_cmpxchg_inatomic(). The
> code in question relies on a valid implementation and does not expect
> -ENOSYS, which is returned by the stub implementation in
> asm-generic/futex.h
> 
> Pointed out by: Mikael Pettersson, Riku Voipio and Adrian Bunk
> 
> This patch is intended for easy backporting and needs to be cleaned up
> further for current mainline.

So...

I queued up this version with a cc to stable under the assumption that this
is the patch which should be applied to 2.6.x.y, but this version is not
the one which will go into 2.6.25.

Correct?

If so: messy.  The stable guys might want to wait until they see the real
2.6.25 patch and perhaps prefer to backport that version.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ