Message-ID: <20150325101507.GA20259@kroah.com>
Date:	Wed, 25 Mar 2015 11:15:07 +0100
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	Alexander Holler <holler@...oftware.de>
Cc:	linux-kernel@...r.kernel.org, stable@...r.kernel.org,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH 3.19 091/123] gadgetfs: use-after-free in ->aio_read()

On Wed, Mar 25, 2015 at 10:23:27AM +0100, Alexander Holler wrote:
> On 25.03.2015 at 09:33, Greg Kroah-Hartman wrote:
> >On Tue, Mar 24, 2015 at 07:06:56PM +0100, Alexander Holler wrote:
> >>On 24.03.2015 at 18:58, Greg Kroah-Hartman wrote:
> >>>On Tue, Mar 24, 2015 at 06:30:17PM +0100, Alexander Holler wrote:
> >>>>On 24.03.2015 at 16:46, Greg Kroah-Hartman wrote:
> >>>>>3.19-stable review patch.  If anyone has any objections, please let me know.
> >>>>>
> >>>>>------------------
> >>>>>
> >>>>>From: Al Viro <viro@...iv.linux.org.uk>
> >>>>>
> >>>>>commit f01d35a15fa04162a58b95970fc01fa70ec9dacd upstream.
> >>>>
> >>>>Just what I've thought. Please see
> >>>>
> >>>>https://lkml.org/lkml/2015/3/15/5
> >>>
> >>>I have no idea what you are asking me to do here, please be specific.
> >>
> >>In order to not become blamed for mangling some language, here's a machine
> >>generated output:
> >>
> >>------
> >>wandq linux # git co -b t v3.19.2
> >>Switched to a new branch 't'
> >>wandq linux # git am /tmp/\[PATCH\ 3.19\ 091_123\]\ gadgetfs\:\
> >>use-after-free\ in\ -\>aio_read\(\).eml
> >>Applying: gadgetfs: use-after-free in ->aio_read()
> >>wandq linux # make drivers/usb/gadget/legacy/gadgetfs.ko
> >>(...)
> >>   CALL    scripts/checksyscalls.sh
> >>   CC [M]  drivers/usb/gadget/legacy/inode.o
> >>drivers/usb/gadget/legacy/inode.c: In function 'ep_aio_rwtail':
> >>drivers/usb/gadget/legacy/inode.c:642:12: warning: 'value' may be used
> >>uninitialized in this function [-Wmaybe-uninitialized]
> >>   ssize_t   value;
> >>             ^
> >>   LD [M]  drivers/usb/gadget/legacy/gadgetfs.o
> >>(...)
> >>------
> >
> >Is there a specific patch that is in Linus's tree that fixes this issue
> >that I should be applying to the stable tree?
> 
> No specific one. The changes of this patch were discarded by other patches
> in Linus's tree which fixed other problems of gadgetfs too.
> 
> Besides that the solution for this one specific patch is a one-liner, I'll
> give a short overview:
> 
> - gadgetfs is already unusable since 3.16 (even with this patch) because
> (p)read/(p)write don't work (fixed with 4.0)
> - the problem this patch fixes is unlikely to be hit because glibc doesn't
> use the Linux aio-syscall, but pread/pwrite, which means someone has to use
> a special lib and not aio(7) to end up at the syscall the patch in question
> fixes.
> - there aren't that many users of gadgetfs
> 
> No idea if you want to apply or backport the whole series found in Al Viro's
> vfs.git/gadgetfs.

As this has been broken since 3.16, and no one has taken the time to fix
it since then, it's not really an issue here, people can just use 4.0 if
they want it.

thanks,

greg k-h