lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 24 Feb 2016 13:45:21 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	xiyou.wangcong@...il.com
Cc:	netdev@...r.kernel.org, dvyukov@...gle.com,
	linux-wireless@...r.kernel.org, julian.calaby@...il.com,
	eric.dumazet@...il.com, lauro.venancio@...nbossa.org,
	aloisio.almeida@...nbossa.org, sameo@...ux.intel.com
Subject: Re: [PATCH v2 net] nfc: use GFP_USER for user-controlled kmalloc

From: Cong Wang <xiyou.wangcong@...il.com>
Date: Wed, 24 Feb 2016 10:41:29 -0800

> On Fri, Jan 29, 2016 at 11:24 AM, Cong Wang <xiyou.wangcong@...il.com> wrote:
>> These two functions are called in sendmsg path, and the
>> 'len' is passed from user-space, so we should not allow
>> malicious users to OOM kernel on purpose.
>>
>> Reported-by: Dmitry Vyukov <dvyukov@...gle.com>
>> Cc: Lauro Ramos Venancio <lauro.venancio@...nbossa.org>
>> Cc: Aloisio Almeida Jr <aloisio.almeida@...nbossa.org>
>> Cc: Samuel Ortiz <sameo@...ux.intel.com>
>> Signed-off-by: Cong Wang <xiyou.wangcong@...il.com>
> 
> Ping...
> 
> David, this patch seems still not applied, I guess you expect NFC
> maintainer to take it, but this doesn't happen. Could you take it?

The NFC maintainer needs to take this, ping them explicitly if
you have to.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ