From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Guy Briggs Subject: Re: Report Double Fetch Bug Found in Linux-4.6.1/kernel/auditsc.c Date: Mon, 20 Jun 2016 14:22:15 -0400 Message-ID: <20160620182215.GC25615@madcap2.tricolour.ca> References: Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Content-Disposition: inline In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Pengfei Wang Cc: security@kernel.org, linux-audit@redhat.com, "Krinke, Jens" List-Id: linux-audit@redhat.com T24gMjAxNi0wNi0yMCAxNDo1MCwgUGVuZ2ZlaSBXYW5nIHdyb3RlOgo+IEhlbGxvLAo+IAo+IEkg Zm91bmQgdGhpcyBEb3VibGUtRmV0Y2ggaXNzdWUgaW4gTGludXgtNC42LjEva2VybmVsL2F1ZGl0 c2MuYyB3aGVuIEkKPiB3YXMgZXhhbWluaW5nIHRoZSBzb3VyY2UgY29kZSwgd2hpY2ggSSB0aGlu ayBpcyBhIGJ1Zy4KPiAKPiBJbiBmdW5jdGlvbiBhdWRpdF9sb2dfc2luZ2xlX2V4ZWN2ZV9hcmco KSwgdGhlIHdob2xlIGFyZ3VtZW50IGlzCj4gZmV0Y2hlZCBmcm9tIHVzZXIgc3BhY2UgdHdpY2Ug dmlhIGNvcHlfZnJvbV91c2VyKCkuIEluIHRoZSBmaXJzdCBsb29wLAo+IGl0IGlzIGZpcnN0bHkg ZmV0Y2hlZCAobGluZSAxMDM4KSB0byB2ZXJpZnksIGFrYSBsb29raW5nIGZvciBub24tYXNjaWkK PiBjaGFycy4gV2hpbGUgaW4gdGhlIHNlY29uZCBsb29wLCB0aGUgd2hvbGUgYXJndW1lbnQgaXMg ZmV0Y2hlZCBhZ2Fpbgo+IChsaW5lIDExMDUpIGZyb20gdXNlciBzcGFjZSBhbmQgdXNlZCBhdCBs aW5lIDExMjEgYW5kIGxpbmUgMTEyMwo+IHJlc3BlY3RpdmVseSBkZXBlbmRzIG9uIHRoZSBwcmV2 aW91cyB2ZXJpZmljYXRpb24uCj4gCj4gSG93ZXZlciwgYSBkb3VibGUgZmV0Y2ggcHJvYmxlbSBo YXBwZW5zIHdoZW4gdGhlIHVzZXIgc3BhY2UgZmV0Y2hlZAo+IGRhdGEgaXMgY2hhbmdlZCBieSBh IGNvbmN1cnJlbnRseSBydW5uaW5nIHVzZXIgdGhyZWFkIHVuZGVyIHJhY2UKPiBjb25kaXRpb24g ZHVyaW5nIHRoZSB2ZXJpZmljYXRpb24gYW5kIHRoZSB1c2FnZSwgYW5kIHRoZSBkYXRhCj4gaW5j b25zaXN0ZW5jeSB3aWxsIGNhdXNlIHNlcmlvdXMgcHJvYmxlbXMuIEluIHRoaXMgY2FzZSwgdGhl IHZlcmlmaWVkCj4gbm9uLWFzY2lpIGFyZ3VtZW50IGZyb20gdGhlIGZpcnN0IGxvb3AgaXMgbGlr ZWx5IHRvIGJlIGNoYW5nZWQgdG8gYW4KPiBhc2NpaSBvbmUgKGkuZS4gY29udGFpbmluZyDigJgg 4oCcIOKAmSkgIHdoaWNoIHdpbGwgYmUgdXNlZCBpbiB0aGUgc2Vjb25kCj4gbG9vcC4gVGhlbiB0 aGUgYXJndW1lbnQgaXMgcGFzc2VkIHRvIGF1ZGl0X2xvZ19zdHJpbmcoKSBhcyBub25lLWFzY2lp LAo+IHRoZW4gbW92ZSBmb3J3YXJkIGluIGF1ZGl0X2xvZ19uX3N0cmluZygpIG9mIGZpbGUgYXVk aXQuYywgdGhlIHN0cmluZwo+IGlzIGVuY2xvc2VkIHdpdGggcXVvdGUgbWFya3MgYXMgd2VsbC4g U2luY2UgdGhlIHN0cmluZyBjb250YWlucwo+IGFub3RoZXIgcXVvdGUgbWFyayBpbiB0aGUgbWlk ZGxlLCBwcm9ibGVtcyB3aWxsIGhhcHBlbiB3aGVuIHByb2Nlc3NpbmcKPiB0aGUgc3RyaW5nIGJh c2VkIG9uIHF1b3RlIG1hcmssIGUuZy4gdGhlIHN0cmluZyB3aWxsIGJlIHJlY29nbml6ZWQgYXMK PiBhIHNob3J0ZXIgb25lIGJhc2VkIG9uIHRoZSBtaWRkbGUgcXVvdGUgbWFyay4gSSBiZWxpZXZl IG90aGVyCj4gY29uc2VxdWVuY2VzIGFyZSBhbHNvIGxpa2VseSB0byBiZSBjYXVzZWQgb25jZSB0 aGUgbm9uZSBjb250cm9sIHN0cmluZwo+IGlzIHRyZWF0ZWQgYXMgYSBjb250cm9sIHN0cmluZywg b3IgdmljZSB2ZXJzYSwgd2hpY2ggaXMgdmVyeSBsaWtlbHkgdG8KPiBoYXBwZW4gdW5kZXIgZG91 YmxlIGZldGNoIHNpdHVhdGlvbnMuCgpUaGlzIGZ1bmN0aW9uIGlzIG9ubHkgZXZlciBjYWxsZWQg YnkgX19hdWRpdF9mcmVlKCksIHdoaWNoIGlzIG9ubHkgZXZlcgpjYWxsZWQgb24gZmFpbHVyZSBv ZiB0YXNrIGNyZWF0aW9uIG9yIG9uIGV4aXQgb2YgdGhlIHRhc2ssIHNvIGluIG5laXRoZXIKY2Fz ZSBjYW4gYW55dGhpbmcgZWxzZSBjaGFuZ2UgaXQuCgpJIGRvbid0IHRoaW5rIHdoYXQgeW91IGRl c2NyaWJlIHdpbGwgZXZlciBoYXBwZW4uCgo+IEkgYW0gbG9va2luZyBmb3J3YXJkIHRvIGEgcmVw bHkgdG8gY29uZmlybSB0aGlzLCB0aGFuayB5b3UhCj4gCj4gS2luZCByZWdhcmRzCj4gCj4gUGVu Z2ZlaQoKLSBSR0IKCi0tClJpY2hhcmQgR3V5IEJyaWdncyA8cmdiQHJlZGhhdC5jb20+Cktlcm5l bCBTZWN1cml0eSBFbmdpbmVlcmluZywgQmFzZSBPcGVyYXRpbmcgU3lzdGVtcywgUmVkIEhhdApS ZW1vdGUsIE90dGF3YSwgQ2FuYWRhClZvaWNlOiArMS42NDcuNzc3LjI2MzUsIEludGVybmFsOiAo ODEpIDMyNjM1CgotLQpMaW51eC1hdWRpdCBtYWlsaW5nIGxpc3QKTGludXgtYXVkaXRAcmVkaGF0 LmNvbQpodHRwczovL3d3dy5yZWRoYXQuY29tL21haWxtYW4vbGlzdGluZm8vbGludXgtYXVkaXQ=