Date: Tue, 26 Jun 2018 13:11:56 -0400 From: "Martin K. Petersen" <martin.petersen@...cle.com> To: Jann Horn <jannh@...gle.com> Cc: Doug Gilbert <dgilbert@...erlog.com>, "James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, linux-scsi@...r.kernel.org, Christoph Hellwig <hch@...radead.org>, Al Viro <viro@...iv.linux.org.uk>, Andy Lutomirski <luto@...nel.org>, linux-kernel@...r.kernel.org, Jens Axboe <axboe@...nel.dk>, FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>, kernel-hardening@...ts.openwall.com, security@...nel.org, Benjamin Block <bblock@...ux.vnet.ibm.com> Subject: Re: [PATCH v3] sg: mitigate read/write abuse Jann, > As Al Viro noted in commit 128394eff343 ("sg_write()/bsg_write() is > not fit to be called under KERNEL_DS"), sg improperly accesses > userspace memory outside the provided buffer, permitting kernel memory > corruption via splice(). But it doesn't just do it on ->write(), also > on ->read(). > > As a band-aid, make sure that the ->read() and ->write() handlers can > not be called in weird contexts (kernel context or credentials > different from file opener), like for ib_safe_file_access(). Applied to 4.18/scsi-fixes with the naming fix pointed out by Doug. Thanks! -- Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.