lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160105211310.GC30512@redhat.com>
Date:	Tue, 5 Jan 2016 16:13:10 -0500
From:	Mike Snitzer <snitzer@...hat.com>
To:	Scotty Bauer <sbauer@....utah.edu>
Cc:	dm-devel@...hat.com, linux-kernel@...r.kernel.org, agk@...hat.com
Subject: Re: dm ioctl: Access user-land memory through safe functions.

On Tue, Jan 05 2016 at  3:16pm -0500,
Mike Snitzer <snitzer@...hat.com> wrote:

> On Tue, Dec 08 2015 at  1:26pm -0500,
> Scotty Bauer <sbauer@....utah.edu> wrote:
> 
> > Friendly ping, is anyone interested in this?
> 
> The passed @user argument is flagged via __user so it can be
> deferenced directly.  It does look like directly deferencing
> user->version is wrong.
> 
> But even if such indirect access is needed (because __user flag is only
> applicable to @user arg, not the contained version member) we could more
> easily just do something like this no?:
> 
>   uint32_t __user *versionp = (uint32_t __user *)user->version;
>   ...
>   if (copy_from_user(version, versionp, sizeof(version)))
>      return -EFAULT;
> 
> I've staged the following, thanks:
> https://git.kernel.org/cgit/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=dm-4.5&id=bffc9e237a0c3176712bcd93fc6a184a61e0df26

Alasdair helped me understand that we do need your original fix.
I've staged it for 4.5 (and stable@) here:
https://git.kernel.org/cgit/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=dm-4.5&id=ead3db62bf10fe143bec99e7b7ff370d7a6d23ef

Thanks again,
Mike
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ