| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Mar 2015 11:15:07 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Alexander Holler <holler@...oftware.de> Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk> Subject: Re: [PATCH 3.19 091/123] gadgetfs: use-after-free in ->aio_read() On Wed, Mar 25, 2015 at 10:23:27AM +0100, Alexander Holler wrote: > Am 25.03.2015 um 09:33 schrieb Greg Kroah-Hartman: > >On Tue, Mar 24, 2015 at 07:06:56PM +0100, Alexander Holler wrote: > >>Am 24.03.2015 um 18:58 schrieb Greg Kroah-Hartman: > >>>On Tue, Mar 24, 2015 at 06:30:17PM +0100, Alexander Holler wrote: > >>>>Am 24.03.2015 um 16:46 schrieb Greg Kroah-Hartman: > >>>>>3.19-stable review patch. If anyone has any objections, please let me know. > >>>>> > >>>>>------------------ > >>>>> > >>>>>From: Al Viro <viro@...iv.linux.org.uk> > >>>>> > >>>>>commit f01d35a15fa04162a58b95970fc01fa70ec9dacd upstream. > >>>> > >>>>Just what I've thought. Please see > >>>> > >>>>https://lkml.org/lkml/2015/3/15/5 > >>> > >>>I have no idea what you are asking me to do here, please be specific. > >> > >>In order to not become blamed for mangling some language, here's a machine > >>generated output: > >> > >>------ > >>wandq linux # git co -b t v3.19.2 > >>Switched to a new branch 't' > >>wandq linux # git am /tmp/\[PATCH\ 3.19\ 091_123\]\ gadgetfs\:\ > >>use-after-free\ in\ -\>aio_read\(\).eml > >>Applying: gadgetfs: use-after-free in ->aio_read() > >>wandq linux # make drivers/usb/gadget/legacy/gadgetfs.ko > >>(...) > >> CALL scripts/checksyscalls.sh > >> CC [M] drivers/usb/gadget/legacy/inode.o > >>drivers/usb/gadget/legacy/inode.c: In function 'ep_aio_rwtail': > >>drivers/usb/gadget/legacy/inode.c:642:12: warning: 'value' may be used > >>uninitialized in this function [-Wmaybe-uninitialized] > >> ssize_t value; > >> ^ > >> LD [M] drivers/usb/gadget/legacy/gadgetfs.o > >>(...) > >>------ > > > >Is there a specific patch that is in Linus's tree that fixes this issue > >that I should be applying to the stable tree? > > No specific one. The changes of this patch were discarded by other patches > in Linus tree which fixed other problems of gadgetfs too. > > Besides that the solution for this one specific patch is a one-liner, I'll > give a short overview: > > - gadgetfs is already unusable since 3.16 (even with this patch) because > (p)read/(p)write doesn't work (fixed with 4.0) > - the problem this patch fixes is unlikely to be hit because glibc doesn't > use the Linux aio-syscall, but pread/pwrite, which means someone has to use > a special lib and not aio(7) to end up at the syscall the patch in question > fixes. > - there aren't that many users of gadgetfs > > No idea if you want to apply or backport the whole series found in Al Viros > vfs.git/gadgetfs. As this has been broken since 3.16, and no one has taken the time to fix it since then, it's not really an issue here, people can just use 4.0 if they want it. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists