Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Jun 2018 14:51:16 +0200
From: Jann Horn <>
To: Christoph Hellwig <>
Cc:,, Al Viro <>,,,,,, kernel list <>, 
	Kernel Hardening <>,
Subject: Re: [PATCH] sg, bsg: mitigate read/write abuse, block uaccess in release

On Thu, Jun 21, 2018 at 2:34 PM Christoph Hellwig <> wrote:
> On Mon, Jun 18, 2018 at 09:37:01AM -0600, Jens Axboe wrote:
> > It was born with that mode, but I don't think anyone ever really used it.
> > So it might feasible to simply yank it. That said, just doing a prune
> > mode at ->release() time doesn't seem like such a hard task.
> Let's try to kill it.  It is a significant amount of code, which does
> fishy things and is probably entirely unused:
> ---
> From baec733be1b400d73d0fa2bfc07684598c4172e7 Mon Sep 17 00:00:00 2001
> From: Christoph Hellwig <>
> Date: Thu, 21 Jun 2018 14:31:32 +0200
> Subject: bsg: remove read/write support
> The code poses a security risk due to user memory access in ->release
> and had an API that can't be used reliably.  As far as we know it was
> never used for real, but if that turns out wrong we'll have to revert
> this commit and come up with a band aid.

FWIW, I just had a look through Debian's codesearch (which AFAIK scans
through the source code of all software that Debian packages) for uses
of struct sg_io_v4:

Hits that seem to be using read() or write() with struct sg_io_v4 on
bsg devices:

In the package
In the package

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.