From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752680AbbCYLIb (ORCPT ); Wed, 25 Mar 2015 07:08:31 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:46153 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752624AbbCYLI2 (ORCPT ); Wed, 25 Mar 2015 07:08:28 -0400 Date: Wed, 25 Mar 2015 12:08:25 +0100 From: Greg Kroah-Hartman To: Alexander Holler Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Al Viro Subject: Re: [PATCH 3.19 091/123] gadgetfs: use-after-free in ->aio_read() Message-ID: <20150325110825.GA23629@kroah.com> References: <20150324154423.655554012@linuxfoundation.org> <20150324154428.117696639@linuxfoundation.org> <55119F29.5030308@ahsoftware.de> <20150324175850.GA7215@kroah.com> <5511A7C0.2000807@ahsoftware.de> <20150325083353.GC28204@kroah.com> <55127E8F.6010007@ahsoftware.de> <20150325101507.GA20259@kroah.com> <551294E6.5020609@ahsoftware.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <551294E6.5020609@ahsoftware.de> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 25, 2015 at 11:58:46AM +0100, Alexander Holler wrote: > Am 25.03.2015 um 11:15 schrieb Greg Kroah-Hartman: > >On Wed, Mar 25, 2015 at 10:23:27AM +0100, Alexander Holler wrote: > >>Am 25.03.2015 um 09:33 schrieb Greg Kroah-Hartman: > > >>>Is there a specific patch that is in Linus's tree that fixes this issue > >>>that I should be applying to the stable tree? > >> > >>No specific one. The changes of this patch were discarded by other patches > >>in Linus tree which fixed other problems of gadgetfs too. > >> > >>Besides that the solution for this one specific patch is a one-liner, I'll > >>give a short overview: > >> > >>- gadgetfs is already unusable since 3.16 (even with this patch) because > >>(p)read/(p)write doesn't work (fixed with 4.0) > >>- the problem this patch fixes is unlikely to be hit because glibc doesn't > >>use the Linux aio-syscall, but pread/pwrite, which means someone has to use > >>a special lib and not aio(7) to end up at the syscall the patch in question > >>fixes. > >>- there aren't that many users of gadgetfs > >> > >>No idea if you want to apply or backport the whole series found in Al Viros > >>vfs.git/gadgetfs. > > > >As this has been broken since 3.16, and no one has taken the time to fix > >it since then, it's not really an issue here, people can just use 4.0 if > >they want it. > > Just a hint I think which should be kept in mind: Debian still uses > something below 3.16, which very likely is the reason why nobody has hit > (and examined) these bugs before. Not all the world is Debian :)