lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 12 Jun 2019 09:29:48 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Greg KH <gregkh@...uxfoundation.org>
cc:     "zhangxiaoxu (A)" <zhangxiaoxu5@...wei.com>, mingo@...hat.com,
        peterz@...radead.org, dvhart@...radead.org,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] futex: Fix futex lock the wrong page

On Wed, 12 Jun 2019, Greg KH wrote:
> On Wed, Jun 12, 2019 at 09:50:25AM +0800, zhangxiaoxu (A) wrote:
> > This patch is for stable branch linux-4.4-y.
> > 
> > On 2019/6/12 9:54, ZhangXiaoxu wrote:
> > > The upstram commit 65d8fc777f6d ("futex: Remove requirement
> > > for lock_page() in get_futex_key()") use variable 'page' as
> > > the page head, when merge it to stable branch, the variable
> > > `page_head` is page head.
> > > 
> > > In the stable branch, the variable `page` not means the page
> > > head, when lock the page head, we should lock 'page_head',
> > > rather than 'page'.
> > > 
> > > It maybe lead a hung task problem.
> > > 
> > > Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@...wei.com>
> > > Cc: stable@...r.kernel.org
> > > ---
> > >   kernel/futex.c | 4 ++--
> > >   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> I do not understand.
> 
> Please read
>     https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> for how to submit a patch to the stable trees properly.
> 
> If the commit is not in Linus's tree, then we can not take it, unless
> something is _very_ broken and it is the only way it can be resolved.

There is something _very_ broken. Upstream is correct but the 4.4. backport
of the above commit is broken (93dcb09e29bb24a86aa7b7eff65e424f7dc98af2) in
the way Zhang described. So it's a 4.4. only issue.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ