From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Guy Briggs Subject: Re: Report Double Fetch Bug Found in Linux-4.6.1/kernel/auditsc.c Date: Tue, 21 Jun 2016 14:14:31 -0400 Message-ID: <20160621181431.GD25615@madcap2.tricolour.ca> References: <20160620182215.GC25615@madcap2.tricolour.ca> <20160620191814.GA2942@redhat.com> <480FAE99-E4E1-42D0-ABD5-8DC24A7EC9BB@gmail.com> <1466502671.27155.185.camel@decadent.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Content-Disposition: inline In-Reply-To: <1466502671.27155.185.camel@decadent.org.uk> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Ben Hutchings Cc: security@kernel.org, Pengfei Wang , "Krinke, Jens" , Oleg Nesterov , linux-audit@redhat.com List-Id: linux-audit@redhat.com T24gMjAxNi0wNi0yMSAxMDo1MSwgQmVuIEh1dGNoaW5ncyB3cm90ZToKPiBPbiBUdWUsIDIwMTYt MDYtMjEgYXQgMTA6MzcgKzAxMDAsIFBlbmdmZWkgV2FuZyB3cm90ZToKPiA+ID4gCj4gPiA+IOWc qCAyMDE25bm0NuaciDIw5pel77yM5LiL5Y2IODoxOO+8jE9sZWcgTmVzdGVyb3YgPG9sZWdAcmVk aGF0LmNvbT4g5YaZ6YGT77yaCj4gPiA+IAo+ID4gPiBOb3QgdGhhdCBJIHVuZGVyc3RhbmQgdGhp cyByZXBvcnQsIGJ1dAo+ID4gPiAKPiA+ID4gT24gMDYvMjAsIFJpY2hhcmQgR3V5IEJyaWdncyB3 cm90ZToKPiA+ID4gPiAKPiA+ID4gPiBUaGlzIGZ1bmN0aW9uIGlzIG9ubHkgZXZlciBjYWxsZWQg YnkgX19hdWRpdF9mcmVlKCksIHdoaWNoIGlzIG9ubHkgZXZlcgo+ID4gPiA+IGNhbGxlZCBvbiBm YWlsdXJlIG9mIHRhc2sgY3JlYXRpb24gb3Igb24gZXhpdCBvZiB0aGUgdGFzaywgc28gaW4gbmVp dGhlcgo+ID4gPiA+IGNhc2UgY2FuIGFueXRoaW5nIGVsc2UgY2hhbmdlIGl0Lgo+ID4gPiAKPiA+ ID4gSG93IHNvPwo+ID4gPiAKPiA+ID4gQW5vdGhlciB0aHJlYWQgb3IgQ0xPTkVfVk0gdGFzayBv ciAvcHJvYy9waWQvbWVtIGNhbiBjaGFuZ2UgdGhlIHVzZXItc3BhY2UKPiA+ID4gbWVtb3J5IGlu IHBhcmFsbGVsLgo+ID4gPiAKPiA+ID4gT2xlZy4KPiA+IAo+ID4gCj4gPiBFeGFjdGx5LCBieSBz YXlpbmcg4oCcY2hhbmdlIHRoZSBkYXRh4oCdLCBJIG1lYW4gdGhlIG1vZGlmaWNhdGlvbiBmcm9t Cj4gPiBtYWxpY2lvdXMgdXNlcnMgd2l0aCBjcmFmdGVkIG9wZXJhdGlvbnMgb24gdGhlIHVzZXIg c3BhY2UgbWVtb3J5Cj4gPiBkaXJlY3RseSwgcmF0aGVyIHRoYW4gdGhlIG5vcm1hbCBvcGVyYXRp b25zIHdpdGhpbiB0aGUgYXVkaXQKPiA+IHN1YnN5c3RlbSBpbiBMaW51eC4gTW9yZW92ZXIsIHNp bmNlIHRoZSBjb3B5IG9wZXJhdGlvbnMgZnJvbSB0aGUgdXNlcgo+ID4gc3BhY2UgYXJlIG5vdCBw cm90ZWN0ZWQgYnkgYW55IGxvY2tzIG9yIHN5bmNocm9uaXphdGlvbiBwcmltaXRpdmVzLAo+ID4g Y2hhbmdpbmcgdGhlIGRhdGEgdW5kZXIgcmFjZSBjb25kaXRpb24gaXMgZmVhc2libGUgSSB0aGlu ay4gQmVzaWRlcywKPiA+IHRoZXJlIGlzbuKAmXQgYW55IHZpc2libGUgY2hlY2tpbmcgc3RlcCBp biB0aGUgY29kZSB0byBndWFyYW50ZWUgdGhlCj4gPiBjb25zaXN0ZW5jeSBiZXR3ZWVuIHRoZSB0 d28gY29weSBvcGVyYXRpb25zLgo+ID4gCj4gPiBIZXJlIEkgd291bGQgbGlrZcKgdG8gZmlndXJl IG91dCB3aGF0IHRoZSBjb25zZXF1ZW5jZXMgcmVhbGx5IGFyZSBvbmNlCj4gPiB0aGUgZGF0YSBp cyBjaGFuZ2VkIGJldHdlZW4gdGhlIHR3byBjb3B5IG9wZXJhdGlvbnMsIHN1Y2ggYXMgY2hhbmdp bmcKPiA+IGEgbm9uZS1jb250cm9sIHN0cmluZyB0byBhIGNvbnRyb2wgc3RyaW5nIGJ1dCBwcm9j ZXNzIGl0IGFzIGEgbm9uZS0KPiA+IGNvbnRyb2wgc3RyaW5nIHRoYXQgaGFzIG5vIGNvbnRyb2wg Y2hhcnMuIEkgdGhpbmsgcHJvYmxlbXMgd2lsbAo+ID4gaGFwcGVuLgo+IAo+IFNvIGZhciBhcyB1 c2VybGFuZCBjYW4gc2VlLCBrZXJuZWwgbG9nIGxpbmVzIGFyZSBzZXBhcmF0ZWQgYnkgbmV3bGlu ZXMuCgpOZXdsaW5lcyBhcmUgY29udHJvbCBjaGFyYWN0ZXJzIHRoYXQgd291bGQgYmUgY2F1Z2h0 IGJ5IHRoYXQgZmlsdGVyLgpUaGF0IGZpbHRlciBjYXRjaGVzICciJywgPCAweDIxLCA+IDB4N2Uu Cgo+IElmIHdlIGZhaWwgdG8gZXNjYXBlIGEgbmV3bGluZSwgdGhhdCBtYWtlcyBpdCBwb3NzaWJs ZSB0byBpbmplY3QKPiBhcmJpdHJhcnkgbG9nIGxpbmVzIGludG8gdGhlIGtlcm5lbCBsb2csIHdo aWNoIG1heSBiZSBtaXNsZWFkaW5nIHRvIHRoZQo+IGFkbWluaXN0cmF0b3Igb3IgdG8gc29mdHdh cmUgcGFyc2luZyB0aGUgbG9nLgoKU28sIHRoaXMgaXMgYWRkcmVzc2VkLCBidXQgSSdtIHN0aWxs IHRyeWluZyB0byBhc3Nlc3MgdGhlIGRhbmdlciBvZiB0aGlzCnJlcGVhdGVkIGNhbGwgdG8gY29w eV9mcm9tX3VzZXIoKS4KCj4gQmVuLgoKLSBSR0IKCi0tClJpY2hhcmQgR3V5IEJyaWdncyA8cmdi QHJlZGhhdC5jb20+Cktlcm5lbCBTZWN1cml0eSBFbmdpbmVlcmluZywgQmFzZSBPcGVyYXRpbmcg U3lzdGVtcywgUmVkIEhhdApSZW1vdGUsIE90dGF3YSwgQ2FuYWRhClZvaWNlOiArMS42NDcuNzc3 LjI2MzUsIEludGVybmFsOiAoODEpIDMyNjM1CgotLQpMaW51eC1hdWRpdCBtYWlsaW5nIGxpc3QK TGludXgtYXVkaXRAcmVkaGF0LmNvbQpodHRwczovL3d3dy5yZWRoYXQuY29tL21haWxtYW4vbGlz dGluZm8vbGludXgtYXVkaXQ=