lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 7 Aug 2020 12:55:32 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jessica Yu <jeyu@...nel.org>,
        kernel test robot <lkp@...el.com>,
        Shuah Khan <shuah@...nel.org>
Subject: [GIT PULL] kallsyms_show_value-fix updates for v5.9-rc1

Hi Linus,

Please pull this fix to my kallsyms_show_value() refactoring for
v5.9-rc1. About a month after the original refactoring landed, 0day
noticed that there was a path through the kernfs binattr read handlers
that did not have PAGE_SIZEd buffers, and the module "sections" read
handler made a bad assumption about this, resulting in it stomping on
memory when reached through small-sized splice() calls. I've added a set
of tests to find these kinds of regressions more quickly in the future
as well.

Thanks!

-Kees

The following changes since commit bcf876870b95592b52519ed4aafcf9d95999bc9c:

  Linux 5.8 (2020-08-02 14:21:45 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/kallsyms_show_value-fix-v5.9-rc1

for you to fetch changes up to 9af47666cb0f331bfcd76799ee368cdfcb00882c:

  selftests: splice: Check behavior of full and short splices (2020-08-07 10:50:11 -0700)

----------------------------------------------------------------
Fix sysfs module section output overflow

----------------------------------------------------------------
Kees Cook (2):
      module: Correctly truncate sysfs sections output
      selftests: splice: Check behavior of full and short splices

 kernel/module.c                                    | 22 +++++++--
 tools/testing/selftests/splice/.gitignore          |  1 +
 tools/testing/selftests/splice/Makefile            |  4 +-
 tools/testing/selftests/splice/config              |  1 +
 tools/testing/selftests/splice/settings            |  1 +
 .../testing/selftests/splice/short_splice_read.sh  | 56 +++++++++++++++++++++
 tools/testing/selftests/splice/splice_read.c       | 57 ++++++++++++++++++++++
 7 files changed, 137 insertions(+), 5 deletions(-)
 create mode 100644 tools/testing/selftests/splice/config
 create mode 100644 tools/testing/selftests/splice/settings
 create mode 100755 tools/testing/selftests/splice/short_splice_read.sh
 create mode 100644 tools/testing/selftests/splice/splice_read.c

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ