| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFxDU9AJ6gcHZuk=-eydsXOcgpRNwVMwakL7-=8NqLgO9Q@mail.gmail.com>
Date: Tue, 23 May 2017 13:21:15 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
stable <stable@...r.kernel.org>,
Al Viro <viro@...iv.linux.org.uk>,
Benjamin LaHaise <bcrl@...ck.org>,
Ingo Molnar <mingo@...nel.org>
Subject: Re: [PATCH 4.11 044/197] x86: fix 32-bit case of __get_user_asm_u64()
On Tue, May 23, 2017 at 1:06 PM, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
> 4.11-stable review patch. If anyone has any objections, please let me know.
No objections, but I do want to note that I verified with a
"allyesconfig" build on i386 that this code actually never triggers at
least in current -git. I might have screwed something up, but I added
a "fsin" instruction to that inline asm, and then verified that
"objdump" didn't find any fsin instructions in any object files after
the build.
There are people who do 64-bit reads from user space, but they all
seem to happily use "get_user()" that gets it right, not the
"__get_user()" helper that did not.
So it's still worth putting in stable (just in case of future or
external users), but at least it doesn't seem to be a potential
security issue (which it might have been - with the right unlucky code
generation you could make the 64-bit load basically be a pointer
following thing).
Linus
Powered by blists - more mailing lists