| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Nov 2019 10:38:06 +0100
From: Vlastimil Babka <vbabka@...e.cz>
To: stable@...r.kernel.org
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Ajay Kaher <akaher@...are.com>,
Vlastimil Babka <vbabka@...e.cz>,
Al Viro <viro@...iv.linux.org.uk>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Lutomirski <luto@...nel.org>,
"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>,
Borislav Petkov <bp@...en8.de>,
Catalin Marinas <catalin.marinas@....com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Hillf Danton <hillf.zj@...baba-inc.com>,
Ingo Molnar <mingo@...hat.com>, Jann Horn <jannh@...gle.com>,
Juergen Gross <jgross@...e.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Mark Rutland <mark.rutland@....com>,
Matthew Wilcox <willy@...radead.org>,
Michal Hocko <mhocko@...e.com>,
Mike Kravetz <mike.kravetz@...cle.com>,
Miklos Szeredi <mszeredi@...hat.com>,
Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
Oscar Salvador <osalvador@...e.de>,
Peter Zijlstra <peterz@...radead.org>,
Punit Agrawal <punit.agrawal@....com>,
Steve Capper <steve.capper@....com>,
Thomas Gleixner <tglx@...utronix.de>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Will Deacon <will.deacon@....com>
Subject: [PATCH STABLE 4.4 0/8] page refcount overflow backports
Hi,
this series backports the CVE-2019-11487 fixes (page refcount overflow) to
4.4 stable. It differs from Ajay's series [1] in the following:
- gup.c variants of fast gup for x86 and s390 are fixed too. I've not fixed
sparc, mips, sh. It's unlikely the known overflow scenario based on FUSE,
which needs 140GB of RAM, is a problem for those architectures, and I don't
feel confident enough to patch them. I've sent the same fixup for 4.9 [3]
- there are some differences in backport adaptations, hopefully not important.
My version is taken from our 4.4 based kernel, which was just simpler for me
than adding the missing parts to Ajay's version
- The last patch fixes another problem in the fast gup implementation on x86,
that I've previously posted and got merged to 4.9 stable [2].
[1] https://lore.kernel.org/linux-mm/1570581863-12090-1-git-send-email-akaher@vmware.com/
[2] https://lore.kernel.org/linux-mm/20190802160614.8089-1-vbabka@suse.cz/
[3] https://lore.kernel.org/linux-mm/9c130fa4-e52d-f8bd-c450-42341c7ab441@suse.cz/
Linus Torvalds (3):
mm: make page ref count overflow check tighter and more explicit
mm: add 'try_get_page()' helper function
mm: prevent get_user_pages() from overflowing page refcount
Matthew Wilcox (1):
fs: prevent page refcount overflow in pipe_buf_get
Miklos Szeredi (1):
pipe: add pipe_buf_get() helper
Punit Agrawal (1):
mm, gup: ensure real head page is ref-counted when using hugepages
Vlastimil Babka (1):
x86, mm, gup: prevent get_page() race with munmap in paravirt guest
Will Deacon (1):
mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages
arch/s390/mm/gup.c | 6 +++--
arch/x86/mm/gup.c | 23 ++++++++++++++++++-
fs/fuse/dev.c | 12 +++++-----
fs/pipe.c | 4 ++--
fs/splice.c | 12 ++++++++--
include/linux/mm.h | 26 ++++++++++++++++++++-
include/linux/pipe_fs_i.h | 17 ++++++++++++--
kernel/trace/trace.c | 6 ++++-
mm/gup.c | 48 +++++++++++++++++++++++++++------------
mm/huge_memory.c | 2 +-
mm/hugetlb.c | 18 +++++++++++++--
mm/internal.h | 17 ++++++++++----
12 files changed, 152 insertions(+), 39 deletions(-)
--
2.23.0
Powered by blists - more mailing lists