From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, Bart Massey <bart.massey@gmail.com>,
Dave Kleikamp <shaggy@kernel.org>,
jfs-discussion@lists.sourceforge.net,
Kees Cook <keescook@chromium.org>,
stable@vger.kernel.org
Subject: [GIT PULL] usercopy fix for v4.18-rc8
Date: Sat, 4 Aug 2018 08:04:51 -0700 [thread overview]
Message-ID: <20180804150451.GA31926@beast> (raw)
Hi,
Please pull this usercopy fix for v4.18-rc8. Bart Massey discovered that
the usercopy whitelist for JFS was incomplete: the inline inode data may
intentionally "overflow" into the neighboring "extended area", so the
size of the whitelist needed to be raised to include the neighboring
field.
Thanks!
-Kees
The following changes since commit 7daf201d7fe8334e2d2364d4e8ed3394ec9af819:
Linux 4.18-rc2 (2018-06-24 20:54:29 +0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/usercopy-fix-v4.18-rc8
for you to fetch changes up to 961b33c244e5ba1543ae26270a1ba29f29c2db83:
jfs: Fix usercopy whitelist for inline inode data (2018-08-04 07:53:46 -0700)
----------------------------------------------------------------
- Fix JFS usercopy whitelist (it needed to cover neighboring field too) for
"overflow" inline inode data.
----------------------------------------------------------------
Kees Cook (1):
jfs: Fix usercopy whitelist for inline inode data
fs/jfs/jfs_dinode.h | 7 +++++++
fs/jfs/jfs_incore.h | 1 +
fs/jfs/super.c | 3 +--
3 files changed, 9 insertions(+), 2 deletions(-)
--
Kees Cook
Pixel Security
reply other threads:[~2018-08-04 15:05 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180804150451.GA31926@beast \
--to=keescook@chromium.org \
--cc=bart.massey@gmail.com \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=shaggy@kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.