| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Sep 2014 14:29:18 -0700 From: Greg KH <gregkh@...uxfoundation.org> To: Jeff Mahoney <jeffm@...e.com> Cc: Matt <jackdachef@...il.com>, Linux Kernel <linux-kernel@...r.kernel.org>, ReiserFS Mailing List <reiserfs-devel@...r.kernel.org> Subject: Re: linux-3.16.2 queue (3.16.1+) On Thu, Sep 11, 2014 at 12:29:30AM -0400, Jeff Mahoney wrote: > On 9/6/14, 11:18 PM, Greg KH wrote: > > On Sun, Sep 07, 2014 at 02:47:55AM +0200, Matt wrote: > >> On Thu, Aug 28, 2014 at 9:18 PM, Matt <jackdachef@...il.com> > >> wrote: > >>> On Thu, Aug 28, 2014 at 5:32 PM, Greg KH > >>> <gregkh@...uxfoundation.org> wrote: > >>>> On Thu, Aug 28, 2014 at 05:27:27PM +0200, Matt wrote: > >>>>> On Thu, Aug 28, 2014 at 5:22 PM, Greg KH > >>>>> <gregkh@...uxfoundation.org> wrote: > >>>>>> On Thu, Aug 28, 2014 at 05:16:58PM +0200, Matt wrote: > >>>>>>> Hi Greg, > >>>>>>> > >>>>>>> > >>>>>>> please consider adding the following 2 patches to > >>>>>>> 3.16.2: > >>>>>>> > >>>>>>> Jan Kara (1): reiserfs: Fix use after free in journal > >>>>>>> teardown > >>>>>>> > >>>>>>> Jeff Mahoney (1): reiserfs: fix corruption introduced > >>>>>>> by balance_leaf refactor > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> Reason/Related: > >>>>>>> > >>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=83121 > >>>>>>> > >>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=83321 > >>>>>>> > >>>>>>> http://forums.gentoo.org/viewtopic-t-998538-postdays-0-postorder-asc-start-0.html > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > Many thanks in advance > >>>>>> > >>>>>> I need git commit ids of these patches in Linus's tree, > >>>>>> can you provide those please? > >>>>>> > >>>>>> thanks, > >>>>>> > >>>>>> greg k-h > >>>>> > >>>>> > >>>>> Sure: > >>>>> > >>>>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d > >>>>> > >>>>> > reiserfs: fix corruption introduced by balance_leaf refactor > >>>>> > >>>>> > >>>>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01777836c87081e4f68c4a43c9abe6114805f91e > >>>>> > >>>>> > reiserfs: Fix use after free in journal teardown > >>>>> > >>>>> > >>>>> > >>>>> are checkpatch warnings usually also fixed within stable > >>>>> releases ? > >>>> > >>>> No, not at all, please read > >>>> Documentation/stable_kernel_patches.txt for what is > >>>> acceptable for stable kernel patches. > >>>> > >>>> thanks, > >>>> > >>>> greg k-h > >>> > >>> > >>> okay, will do > >>> > >>> thanks for pointing that out > >>> > >>> > >>> Regards > >>> > >>> Matt > >> > >> Hi Greg, > >> > >> could you please add the above mentioned two patches > >> > >> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d > >> > >> > reiserfs: fix corruption introduced by balance_leaf refactor > >> > >> > >> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01777836c87081e4f68c4a43c9abe6114805f91e > >> > >> > reiserfs: Fix use after free in journal teardown > >> > >> in next stable (3.16.3) kernel ? > >> > >> more and more people seem to be affected by the data corruption > >> introduced by the recent changes. > >> > >> > >> Reading through Documentation/stable_kernel_rules.txt, > >> http://cwe.mitre.org/data/definitions/416.html and > >> http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/use_after_free.html > >> > >> > >> > both patches seem relevant enough (concerning data integrity > >> filesystem-wise and security) to be included for the stable > >> branch > > > > I'll queue this up when I get a chance, there are over 300 patches > > pending for the stable kernels right now :( > > > > Also, in the future, always cc stable@...r.kernel.org for any > > stable requests so that they don't get lost. > > Hi Greg - > > 27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d > Author: Jeff Mahoney <jeffm@...e.com> > Date: Mon Aug 4 19:51:47 2014 -0400 > > reiserfs: fix corruption introduced by balance_leaf refactor > > Commits f1f007c308e (reiserfs: balance_leaf refactor, pull out > balance_leaf_insert_left) and cf22df182bf (reiserfs: balance_leaf > refactor, pull out balance_leaf_paste_left) missed that the `body' > pointer was getting repositioned. Subsequent users of the pointer > would expect it to be repositioned, and as a result, parts of the > tree would get overwritten. The most common observed corruption > is indirect block pointers being overwritten. > > Since the body value isn't actually used anymore in the called > routines, > we can pass back the offset it should be shifted. We constify the body > and ih pointers in the balance_leaf as a mostly-free preventative > measure. > > Cc: <stable@...r.kernel.org> # 3.16 > Reported-and-tested-by: Jeff Chua <jeff.chua.linux@...il.com> > Signed-off-by: Jeff Mahoney <jeffm@...e.com> > Signed-off-by: Jan Kara <jack@...e.cz> > > Should there have been more? I thought it was enough to add the Cc > tag. This one has been in the tree, with the tags and with > "corruption" in the Subject since 13 Aug. I know you're busy but this > seems like a pretty obvious candidate for stable inclusion. You marked this one just fine, it's just that, again, I have over 300+ patches in the "marked for stable" queue right now, this patch is in good company... greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists