| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Feb 2023 15:20:13 +0100
From: "Linux regression tracking (Thorsten Leemhuis)"
<regressions@...mhuis.info>
To: George Kennedy <george.kennedy@...cle.com>
Cc: Thomas Weißschuh <linux@...ssschuh.net>,
Jiri Slaby <jirislaby@...nel.org>,
linux-kernel@...r.kernel.org, Randy Dunlap <rdunlap@...radead.org>,
Storm Dragon <stormdragon2976@...il.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
sfr@...b.auug.org.au, akpm@...ux-foundation.org,
linux-serial@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Linux kernel regressions list <regressions@...ts.linux.dev>
Subject: Re: [PATCH] vc_screen: don't clobber return value in vcs_read
Hi, this is your Linux kernel regression tracker. Top-posting for once,
to make this easily accessible to everyone.
George, is there anything we can do to help you moving forward to
finally get this regression fixed? It seems (or am I missing something?)
everyone is waiting for you (see below) to act on the feedback Jiri
provided here:
https://lore.kernel.org/lkml/8dffe187-240d-746e-ed84-885ffd2785f6@kernel.org/
Side note: would be good to add a "Link:" tag pointing to the start of
this thread as well, but that's just a detail.
Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
If I did something stupid, please tell me, as explained on that page.
On 21.02.23 14:50, Greg Kroah-Hartman wrote:
> On Tue, Feb 21, 2023 at 08:30:11AM -0500, George Kennedy wrote:
>> On 2/20/2023 11:34 AM, Thomas Weißschuh wrote:
>>> +Cc people who were involved in the original thread.
>>>
>>> On Mon, Feb 20, 2023 at 12:48:59PM +0100, Jiri Slaby wrote:
>>>> On 20. 02. 23, 7:46, linux@...ssschuh.net wrote:
>>>>> From: Thomas Weißschuh <linux@...ssschuh.net>
>>>>>
>>>>> Commit 226fae124b2d
>>>>> ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF")
>>>>> moved the call to vcs_vc() into the loop.
>>>>> While doing this it also moved the unconditional assignment of
>>>>> "ret = -ENXIO".
>>>>> This unconditional assignment was valid outside the loop but within it
>>>>> it clobbers the actual value of ret.
>>>>>
>>>>> To avoid this only assign "ret = -ENXIO" when actually needed.
>>>> Not sure -- I cannot find it -- but hasn't George fixed this yet?
>>> Indeed there was a proposed fix at
>>> https://lore.kernel.org/lkml/1675704844-17228-1-git-send-email-george.kennedy@oracle.com/
>>>
>>> Linus had some suggestions so it was not applied as is.
>>>
>>> I'm not sure what the current state is.
>>> George, do you have something in the pipeline?
>>
>> Yes, that is in the pipeline:
>> https://lore.kernel.org/lkml/1675774098-17722-1-git-send-email-george.kennedy@oracle.com/
>>
>> Linus suggested the fix, which was tested and submitted.
>>
>> Jiri commented on the patch, which I believe was directed at Linus as he
>> suggested the fix.
>
> And I was waiting for a new version from you based on those comments :(
>
> Can you fix that up and send?
>
> thanks,
>
> greg k-h
#regzbot monitor:
https://lore.kernel.org/lkml/1675774098-17722-1-git-send-email-george.kennedy@oracle.com/
#regzbot poke
Powered by blists - more mailing lists