Date: Sat, 9 Jul 2016 10:07:34 -0700
From: Kees Cook <>
To: Valdis Kletnieks <>
Cc: "" <>, Christoph Lameter <>, 
	Jan Kara <>, Catalin Marinas <>, 
	Will Deacon <>, Linux-MM <>, 
	sparclinux <>, 
	Andrea Arcangeli <>, linux-arch <>, 
	"" <>, Russell King <>, PaX Team <>, 
	Borislav Petkov <>, Mathias Krause <>, Fenghua Yu <>, 
	Rik van Riel <>, David Rientjes <>, Tony Luck <>, 
	Andy Lutomirski <>, Joonsoo Kim <>, 
	Dmitry Vyukov <>, Laura Abbott <>, 
	Brad Spengler <>, Ard Biesheuvel <>, 
	LKML <>, Pekka Enberg <>, 
	Casey Schaufler <>, Andrew Morton <>, 
	"" <>, "David S. Miller" <>, 
	"" <>
Subject: Re: Re: [PATCH 9/9] mm: SLUB hardened usercopy support

On Fri, Jul 8, 2016 at 11:17 PM,  <> wrote:
> Yeah, 'ping' dies with a similar traceback going to rawv6_setsockopt(),
> and 'trinity' dies a horrid death during initialization because it creates
> some sctp sockets to fool around with.  The problem in all these cases is that
> setsockopt uses copy_from_user() to pull in the option value, and the allocation
> isn't tagged with USERCOPY to whitelist it.

Just a note to clear up confusion: this series doesn't include the
whitelist protection, so this appears to be either bugs in the slub
checker or bugs in the code using the cfq_io_cq cache. I suspect the
former. :)


Kees Cook
Chrome OS & Brillo Security
