| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Jun 2023 10:21:31 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Roberto Sassu <roberto.sassu@...weicloud.com>
Cc: linux-kernel@...r.kernel.org,
Roberto Sassu <roberto.sassu@...wei.com>,
stable@...r.kernel.org,
Marc-André Lureau
<marcandre.lureau@...hat.com>,
Mike Kravetz <mike.kravetz@...cle.com>
Subject: Re: [PATCH] memfd: Check for non-NULL file_seals in memfd_create()
syscall
On Wed, 7 Jun 2023 15:24:27 +0200 Roberto Sassu <roberto.sassu@...weicloud.com> wrote:
> From: Roberto Sassu <roberto.sassu@...wei.com>
>
> Ensure that file_seals is non-NULL before using it in the memfd_create()
> syscall. One situation in which memfd_file_seals_ptr() could return a NULL
> pointer is when CONFIG_SHMEM=n.
Thanks. Has thie crash actually been demonstrated?
> --- a/mm/memfd.c
> +++ b/mm/memfd.c
> @@ -371,12 +371,15 @@ SYSCALL_DEFINE2(memfd_create,
>
> inode->i_mode &= ~0111;
> file_seals = memfd_file_seals_ptr(file);
> - *file_seals &= ~F_SEAL_SEAL;
> - *file_seals |= F_SEAL_EXEC;
> + if (file_seals) {
> + *file_seals &= ~F_SEAL_SEAL;
> + *file_seals |= F_SEAL_EXEC;
> + }
> } else if (flags & MFD_ALLOW_SEALING) {
> /* MFD_EXEC and MFD_ALLOW_SEALING are set */
> file_seals = memfd_file_seals_ptr(file);
> - *file_seals &= ~F_SEAL_SEAL;
> + if (file_seals)
> + *file_seals &= ~F_SEAL_SEAL;
> }
>
> fd_install(fd, file);
Powered by blists - more mailing lists