| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <yq1bmbx321v.fsf@oracle.com>
Date: Tue, 26 Jun 2018 13:11:56 -0400
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: Jann Horn <jannh@...gle.com>
Cc: Doug Gilbert <dgilbert@...erlog.com>,
"James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
linux-scsi@...r.kernel.org, Christoph Hellwig <hch@...radead.org>,
Al Viro <viro@...iv.linux.org.uk>,
Andy Lutomirski <luto@...nel.org>,
linux-kernel@...r.kernel.org, Jens Axboe <axboe@...nel.dk>,
FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>,
kernel-hardening@...ts.openwall.com, security@...nel.org,
Benjamin Block <bblock@...ux.vnet.ibm.com>
Subject: Re: [PATCH v3] sg: mitigate read/write abuse
Jann,
> As Al Viro noted in commit 128394eff343 ("sg_write()/bsg_write() is
> not fit to be called under KERNEL_DS"), sg improperly accesses
> userspace memory outside the provided buffer, permitting kernel memory
> corruption via splice(). But it doesn't just do it on ->write(), also
> on ->read().
>
> As a band-aid, make sure that the ->read() and ->write() handlers can
> not be called in weird contexts (kernel context or credentials
> different from file opener), like for ib_safe_file_access().
Applied to 4.18/scsi-fixes with the naming fix pointed out by Doug.
Thanks!
--
Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists