| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 May 2020 07:30:30 +0000
From: Ashwin H <ashwinh@...are.com>
To: Greg KH <gregkh@...uxfoundation.org>
CC: "x86@...nel.org" <x86@...nel.org>,
"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
"intel-gfx@...ts.freedesktop.org" <intel-gfx@...ts.freedesktop.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...nel.org" <stable@...nel.org>,
Srivatsa Bhat <srivatsab@...are.com>,
"srivatsa@...il.mit.edu" <srivatsa@...il.mit.edu>,
"rostedt@...dmis.org" <rostedt@...dmis.org>,
Steven Rostedt <srostedt@...are.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: RE: [PATCH v4.19.x] make 'user_access_begin()' do 'access_ok()'
> -----Original Message-----
> From: Greg KH <gregkh@...uxfoundation.org>
> Sent: Wednesday, May 27, 2020 9:02 PM
> To: Ashwin H <ashwinh@...are.com>
> Cc: x86@...nel.org; dri-devel@...ts.freedesktop.org; intel-
> gfx@...ts.freedesktop.org; linux-kernel@...r.kernel.org; stable@...nel.org;
> Srivatsa Bhat <srivatsab@...are.com>; srivatsa@...il.mit.edu;
> rostedt@...dmis.org; Steven Rostedt <srostedt@...are.com>; Linus
> Torvalds <torvalds@...ux-foundation.org>
> Subject: Re: [PATCH v4.19.x] make 'user_access_begin()' do 'access_ok()'
>
> On Wed, May 13, 2020 at 05:08:19PM +0000, Ashwin H wrote:
> > > Ok, but what does that mean for us?
> > >
> > > You need to say why you are sending a patch, otherwise we will guess
> wrong.
> >
> > In drivers/gpu/drm/i915/i915_gem_execbuffer.c, ioctl functions does
> user_access_begin() without doing access_ok(Checks if a user space pointer
> is valid) first.
> > A local attacker can craft a malicious ioctl function call to
> > overwrite arbitrary kernel memory, resulting in a Denial of Service or
> > privilege escalation (CVE-2018-20669)
> >
> > This patch makes sure that user_access_begin always does access_ok.
> > user_access_begin has been modified to do access_ok internally.
>
> I had this in the tree, but it broke the build on alpha, sh, and maybe a few
> others :(
>
Thanks Greg for including this patch.
I am sorry that this patch caused the failure. As I see this is not a build failure but tests have failed.
Build results:
total: 155 pass: 155 fail: 0
Qemu test results:
total: 421 pass: 390 fail: 31
Failed tests:
<all alpha>
<all sh>
<all sheb>
> See:
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F
> %2Flore.kernel.org%2Fr%2F20200527140225.GA214763%40roeck-
> us.net&data=02%7C01%7Cashwinh%40vmware.com%7Cd8f60bb8a4584
> 7caa10f08d802530997%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7
> C637261902960990057&sdata=Vjv9v0QhebfcOGSq1UUDKshTDA%2FOV
> 4aKbqzKKJkEQxM%3D&reserved=0
> for the details.
>
> Can you dig out all of the needed follow-on patches as well, and send them
> all as a patch series for 4.19.y so that I can queue them all up at once?
>
I will check for follow-on patches and get back.
> thanks,
>
> greg k-h
Thanks,
Ashwin
Powered by blists - more mailing lists