Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 26 Jun 2018 13:11:56 -0400
From: "Martin K. Petersen" <>
To: Jann Horn <>
Cc: Doug Gilbert <>,
        "James E.J. Bottomley" <>,
        "Martin K. Petersen" <>,, Christoph Hellwig <>,
        Al Viro <>, Andy Lutomirski <>,, Jens Axboe <>,
        FUJITA Tomonori <>,,,
        Benjamin Block <>
Subject: Re: [PATCH v3] sg: mitigate read/write abuse


> As Al Viro noted in commit 128394eff343 ("sg_write()/bsg_write() is
> not fit to be called under KERNEL_DS"), sg improperly accesses
> userspace memory outside the provided buffer, permitting kernel memory
> corruption via splice().  But it doesn't just do it on ->write(), also
> on ->read().
> As a band-aid, make sure that the ->read() and ->write() handlers can
> not be called in weird contexts (kernel context or credentials
> different from file opener), like for ib_safe_file_access().

Applied to 4.18/scsi-fixes with the naming fix pointed out by Doug.


Martin K. Petersen	Oracle Linux Engineering

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.