| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210221083705.3075978-1-snovitoll@gmail.com>
Date: Sun, 21 Feb 2021 14:37:05 +0600
From: Sabyrzhan Tasbolatov <snovitoll@...il.com>
To: torvalds@...ux-foundation.org
Cc: gregkh@...uxfoundation.org, jirislaby@...nel.org,
linux-kernel@...r.kernel.org,
syzbot+3d2c27c2b7dc2a94814d@...kaller.appspotmail.com,
syzkaller-bugs@...glegroups.com, viro@...iv.linux.org.uk
Subject: Re: WARNING in iov_iter_revert (2)
> --- a/drivers/tty/tty_io.c
> +++ b/drivers/tty/tty_io.c
> @@ -961,6 +961,9 @@ static inline ssize_t do_tty_write(
> ret = write(tty, file, tty->write_buf, size);
> if (ret <= 0)
> break;
> + /* ttyprintk historical oddity */
> + if (ret > size)
> + break;
>
> /* FIXME! Have Al check this! */
> if (ret != size)
>
> in there. Because right now we clearly do strange and not-so-wonderful
> things if the write routine returns a bigger value than it was
> passed.. Not limited to that iov_iter_revert() thing, but the whole
> loop.
>
> Comments?
Just want to comment that this fix is correct (tested),
rather than what I did [1] to return abruptly
in the beginning of do_tty_write() for write(fd, NULL, 0) case.
Let me know if I can prepare a patch with Linus's fix above.
[1] https://lore.kernel.org/lkml/20210217155536.2986178-1-snovitoll@gmail.com
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -905,6 +905,9 @@ static inline ssize_t do_tty_write(
ssize_t ret, written = 0;
unsigned int chunk;
+ if (!count)
+ return -EFAULT;
+
ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
if (ret < 0)
return ret;
Powered by blists - more mailing lists