From: Greg KH <gregkh@linuxfoundation.org>
To: Adam Borowski <kilobyte@angband.pl>
Cc: stable@vger.kernel.org, stable-commits@vger.kernel.org
Subject: Re: Patch "vt: fix unchecked __put_user() in tioclinux ioctls" has been added to the 4.12-stable tree
Date: Tue, 18 Jul 2017 18:16:57 +0200 [thread overview]
Message-ID: <20170718161657.GA19276@kroah.com> (raw)
In-Reply-To: <20170718160221.7wvzvsnjxrpwczxd@angband.pl>
On Tue, Jul 18, 2017 at 06:02:21PM +0200, Adam Borowski wrote:
> On Tue, Jul 18, 2017 at 05:43:09PM +0200, gregkh@linuxfoundation.org wrote:
> > This is a note to let you know that I've just added the patch titled
> >
> > vt: fix unchecked __put_user() in tioclinux ioctls
> >
> > to the 4.12-stable tree which can be found at:
> > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> ----
> > From: Adam Borowski <kilobyte@angband.pl>
> >
> > commit 6987dc8a70976561d22450b5858fc9767788cc1c upstream.
> >
> > Only read access is checked before this call.
> >
> > Actually, at the moment this is not an issue, as every in-tree arch does
> > the same manual checks for VERIFY_READ vs VERIFY_WRITE, relying on the MMU
> > to tell them apart, but this wasn't the case in the past and may happen
> > again on some odd arch in the future.
> >
> > If anyone cares about 3.7 and earlier, this is a security hole (untested)
> > on real 80386 CPUs.
>
> Note that this is a no-op on any modern kernel (>3.7), as on all
> architectures checking VERIFY_READ is exactly same as VERIFY_WRITE.
>
> I've submitted this patch for two reasons:
> * it makes getting rid of __put_user() easier
> * in case the distinction between VERIFY_READ and VERIFY_WRITE becomes used
> again at some point in the future
>
> Neither reason applies to stable kernels younger than 3.7. The patch
> doesn't hurt, though, so if rebasing to drop it would be even a notch more
> effort for you than keeping, it can stay.
>
> The only stable kernel that old still maintained is 3.2 (Ben Hutchings) --
> it's _apparently_ a local root hole on real 80386 machines. By 80386 I mean
> only that exact chip and perhaps faithful clones, 486+ excluded. I have a
> strong feeling Ben doesn't give a damn about 80386 CPUs, considering that
> the distribution he cares about doesn't support that hardware for many, many
> years, and people rolling their own userspace or using an ancient distro
> don't quite use it for security-sensitive stuff either.
I think it's good to have backported so that people, if they are using
older kernels, will see this and know to apply it (like Ben, or those
"enterprise" distros out there supporting older-than-3.2 kernels...)
thanks,
greg k-h
prev parent reply other threads:[~2017-07-18 16:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-18 15:43 Patch "vt: fix unchecked __put_user() in tioclinux ioctls" has been added to the 4.12-stable tree gregkh
2017-07-18 16:02 ` Adam Borowski
2017-07-18 16:16 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170718161657.GA19276@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=kilobyte@angband.pl \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.