From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:42410 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751572AbdGRQRJ (ORCPT ); Tue, 18 Jul 2017 12:17:09 -0400 Date: Tue, 18 Jul 2017 18:16:57 +0200 From: Greg KH To: Adam Borowski Cc: stable@vger.kernel.org, stable-commits@vger.kernel.org Subject: Re: Patch "vt: fix unchecked __put_user() in tioclinux ioctls" has been added to the 4.12-stable tree Message-ID: <20170718161657.GA19276@kroah.com> References: <1500392589224197@kroah.com> <20170718160221.7wvzvsnjxrpwczxd@angband.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170718160221.7wvzvsnjxrpwczxd@angband.pl> Sender: stable-owner@vger.kernel.org List-ID: On Tue, Jul 18, 2017 at 06:02:21PM +0200, Adam Borowski wrote: > On Tue, Jul 18, 2017 at 05:43:09PM +0200, gregkh@linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > > > vt: fix unchecked __put_user() in tioclinux ioctls > > > > to the 4.12-stable tree which can be found at: > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary > ---- > > From: Adam Borowski > > > > commit 6987dc8a70976561d22450b5858fc9767788cc1c upstream. > > > > Only read access is checked before this call. > > > > Actually, at the moment this is not an issue, as every in-tree arch does > > the same manual checks for VERIFY_READ vs VERIFY_WRITE, relying on the MMU > > to tell them apart, but this wasn't the case in the past and may happen > > again on some odd arch in the future. > > > > If anyone cares about 3.7 and earlier, this is a security hole (untested) > > on real 80386 CPUs. > > Note that this is a no-op on any modern kernel (>3.7), as on all > architectures checking VERIFY_READ is exactly same as VERIFY_WRITE. > > I've submitted this patch for two reasons: > * it makes getting rid of __put_user() easier > * in case the distinction between VERIFY_READ and VERIFY_WRITE becomes used > again at some point in the future > > Neither reason applies to stable kernels younger than 3.7. The patch > doesn't hurt, though, so if rebasing to drop it would be even a notch more > effort for you than keeping, it can stay. > > The only stable kernel that old still maintained is 3.2 (Ben Hutchings) -- > it's _apparently_ a local root hole on real 80386 machines. By 80386 I mean > only that exact chip and perhaps faithful clones, 486+ excluded. I have a > strong feeling Ben doesn't give a damn about 80386 CPUs, considering that > the distribution he cares about doesn't support that hardware for many, many > years, and people rolling their own userspace or using an ancient distro > don't quite use it for security-sensitive stuff either. I think it's good to have backported so that people, if they are using older kernels, will see this and know to apply it (like Ben, or those "enterprise" distros out there supporting older-than-3.2 kernels...) thanks, greg k-h