lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190410194350.GA25351@redhat.com>
Date:   Wed, 10 Apr 2019 15:43:50 -0400
From:   Jerome Glisse <jglisse@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     Minchan Kim <minchan@...nel.org>, Nitin Gupta <ngupta@...are.org>,
        Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
        stable@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] zram: pass down the bvec we need to read into in the
 work struct

Adding more Cc and stable (i thought this was 5.1 addition). Note that
without this patch on arch/kernel where PAGE_SIZE != 4096 userspace
could read random memory through a zram block device (thought userspace
probably would have no control on the address being read).

On Mon, Apr 08, 2019 at 02:32:19PM -0400, jglisse@...hat.com wrote:
> From: Jérôme Glisse <jglisse@...hat.com>
> 
> When scheduling work item to read page we need to pass down the proper
> bvec struct which point to the page to read into. Before this patch it
> uses randomly initialized bvec (only if PAGE_SIZE != 4096) which is
> wrong.
> 
> Signed-off-by: Jérôme Glisse <jglisse@...hat.com>
> Cc: Minchan Kim <minchan@...nel.org>
> Cc: Nitin Gupta <ngupta@...are.org>
> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
> Cc: linux-kernel@...r.kernel.org
> ---
>  drivers/block/zram/zram_drv.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
> index 399cad7daae7..d58a359a6622 100644
> --- a/drivers/block/zram/zram_drv.c
> +++ b/drivers/block/zram/zram_drv.c
> @@ -774,18 +774,18 @@ struct zram_work {
>  	struct zram *zram;
>  	unsigned long entry;
>  	struct bio *bio;
> +	struct bio_vec bvec;
>  };
>  
>  #if PAGE_SIZE != 4096
>  static void zram_sync_read(struct work_struct *work)
>  {
> -	struct bio_vec bvec;
>  	struct zram_work *zw = container_of(work, struct zram_work, work);
>  	struct zram *zram = zw->zram;
>  	unsigned long entry = zw->entry;
>  	struct bio *bio = zw->bio;
>  
> -	read_from_bdev_async(zram, &bvec, entry, bio);
> +	read_from_bdev_async(zram, &zw->bvec, entry, bio);
>  }
>  
>  /*
> @@ -798,6 +798,7 @@ static int read_from_bdev_sync(struct zram *zram, struct bio_vec *bvec,
>  {
>  	struct zram_work work;
>  
> +	work.bvec = *bvec;
>  	work.zram = zram;
>  	work.entry = entry;
>  	work.bio = bio;
> -- 
> 2.20.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ