From: Willy Tarreau <w@1wt.eu>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
Paul Moore <pmoore@redhat.com>, Willy Tarreau <w@1wt.eu>
Subject: [ 139/143] SELinux: Fix kernel BUG on empty security contexts.
Date: Mon, 12 May 2014 02:34:19 +0200 [thread overview]
Message-ID: <20140512003206.481766803@1wt.eu> (raw)
In-Reply-To: <f07e5fe6d87f172fc73580b9c86ba9a2@local>
2.6.32-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Smalley <sds@tycho.nsa.gov>
commit 2172fa709ab32ca60e86179dc67d0857be8e2c98 upstream
Setting an empty security context (length=0) on a file will
lead to incorrectly dereferencing the type and other fields
of the security context structure, yielding a kernel BUG.
As a zero-length security context is never valid, just reject
all such security contexts whether coming from userspace
via setxattr or coming from the filesystem upon a getxattr
request by SELinux.
Setting a security context value (empty or otherwise) unknown to
SELinux in the first place is only possible for a root process
(CAP_MAC_ADMIN), and, if running SELinux in enforcing mode, only
if the corresponding SELinux mac_admin permission is also granted
to the domain by policy. In Fedora policies, this is only allowed for
specific domains such as livecd for setting down security contexts
that are not defined in the build host policy.
Reproducer:
su
setenforce 0
touch foo
setfattr -n security.selinux foo
Caveat:
Relabeling or removing foo after doing the above may not be possible
without booting with SELinux disabled. Any subsequent access to foo
after doing the above will also trigger the BUG.
BUG output from Matthew Thode:
[ 473.893141] ------------[ cut here ]------------
[ 473.962110] kernel BUG at security/selinux/ss/services.c:654!
[ 473.995314] invalid opcode: 0000 [#6] SMP
[ 474.027196] Modules linked in:
[ 474.058118] CPU: 0 PID: 8138 Comm: ls Tainted: G D I
3.13.0-grsec #1
[ 474.116637] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0
07/29/10
[ 474.149768] task: ffff8805f50cd010 ti: ffff8805f50cd488 task.ti:
ffff8805f50cd488
[ 474.183707] RIP: 0010:[<ffffffff814681c7>] [<ffffffff814681c7>]
context_struct_compute_av+0xce/0x308
[ 474.219954] RSP: 0018:ffff8805c0ac3c38 EFLAGS: 00010246
[ 474.252253] RAX: 0000000000000000 RBX: ffff8805c0ac3d94 RCX:
0000000000000100
[ 474.287018] RDX: ffff8805e8aac000 RSI: 00000000ffffffff RDI:
ffff8805e8aaa000
[ 474.321199] RBP: ffff8805c0ac3cb8 R08: 0000000000000010 R09:
0000000000000006
[ 474.357446] R10: 0000000000000000 R11: ffff8805c567a000 R12:
0000000000000006
[ 474.419191] R13: ffff8805c2b74e88 R14: 00000000000001da R15:
0000000000000000
[ 474.453816] FS: 00007f2e75220800(0000) GS:ffff88061fc00000(0000)
knlGS:0000000000000000
[ 474.489254] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 474.522215] CR2: 00007f2e74716090 CR3: 00000005c085e000 CR4:
00000000000207f0
[ 474.556058] Stack:
[ 474.584325] ffff8805c0ac3c98 ffffffff811b549b ffff8805c0ac3c98
ffff8805f1190a40
[ 474.618913] ffff8805a6202f08 ffff8805c2b74e88 00068800d0464990
ffff8805e8aac860
[ 474.653955] ffff8805c0ac3cb8 000700068113833a ffff880606c75060
ffff8805c0ac3d94
[ 474.690461] Call Trace:
[ 474.723779] [<ffffffff811b549b>] ? lookup_fast+0x1cd/0x22a
[ 474.778049] [<ffffffff81468824>] security_compute_av+0xf4/0x20b
[ 474.811398] [<ffffffff8196f419>] avc_compute_av+0x2a/0x179
[ 474.843813] [<ffffffff8145727b>] avc_has_perm+0x45/0xf4
[ 474.875694] [<ffffffff81457d0e>] inode_has_perm+0x2a/0x31
[ 474.907370] [<ffffffff81457e76>] selinux_inode_getattr+0x3c/0x3e
[ 474.938726] [<ffffffff81455cf6>] security_inode_getattr+0x1b/0x22
[ 474.970036] [<ffffffff811b057d>] vfs_getattr+0x19/0x2d
[ 475.000618] [<ffffffff811b05e5>] vfs_fstatat+0x54/0x91
[ 475.030402] [<ffffffff811b063b>] vfs_lstat+0x19/0x1b
[ 475.061097] [<ffffffff811b077e>] SyS_newlstat+0x15/0x30
[ 475.094595] [<ffffffff8113c5c1>] ? __audit_syscall_entry+0xa1/0xc3
[ 475.148405] [<ffffffff8197791e>] system_call_fastpath+0x16/0x1b
[ 475.179201] Code: 00 48 85 c0 48 89 45 b8 75 02 0f 0b 48 8b 45 a0 48
8b 3d 45 d0 b6 00 8b 40 08 89 c6 ff ce e8 d1 b0 06 00 48 85 c0 49 89 c7
75 02 <0f> 0b 48 8b 45 b8 4c 8b 28 eb 1e 49 8d 7d 08 be 80 01 00 00 e8
[ 475.255884] RIP [<ffffffff814681c7>]
context_struct_compute_av+0xce/0x308
[ 475.296120] RSP <ffff8805c0ac3c38>
[ 475.328734] ---[ end trace f076482e9d754adc ]---
Reported-by: Matthew Thode <mthode@mthode.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: stable@vger.kernel.org
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
security/selinux/ss/services.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index ff17820..dee7177 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1074,6 +1074,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
struct context context;
int rc = 0;
+ /* An empty security context is never valid. */
+ if (!scontext_len)
+ return -EINVAL;
+
if (!ss_initialized) {
int i;
--
1.7.12.2.21.g234cd45.dirty
next prev parent reply other threads:[~2014-05-12 2:15 UTC|newest]
Thread overview: 172+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <f07e5fe6d87f172fc73580b9c86ba9a2@local>
2014-05-12 0:32 ` [ 000/143] 2.6.32.62-longterm review Willy Tarreau
2014-05-12 0:32 ` [ 001/143] scsi: fix missing include linux/types.h in scsi_netlink.h Willy Tarreau
2014-05-12 0:32 ` [ 002/143] Fix lockup related to stop_machine being stuck in __do_softirq Willy Tarreau
2014-05-12 0:32 ` [ 003/143] Revert "x86, ptrace: fix build breakage with gcc 4.7" Willy Tarreau
2014-05-12 0:32 ` [ 004/143] x86, ptrace: fix build breakage with gcc 4.7 (second try) Willy Tarreau
2014-05-12 0:32 ` [ 005/143] ipvs: fix CHECKSUM_PARTIAL for TCP, UDP Willy Tarreau
2014-05-12 0:32 ` [ 006/143] intel-iommu: Flush unmaps at domain_exit Willy Tarreau
2014-05-12 0:32 ` [ 007/143] staging: comedi: ni_65xx: (bug fix) confine insn_bits to one Willy Tarreau
2014-05-12 0:32 ` [ 008/143] kernel/kmod.c: check for NULL in call_usermodehelper_exec() Willy Tarreau
2014-05-12 0:32 ` [ 009/143] cciss: fix info leak in cciss_ioctl32_passthru() Willy Tarreau
2014-05-12 0:32 ` [ 010/143] cpqarray: fix info leak in ida_locked_ioctl() Willy Tarreau
2014-05-12 0:32 ` [ 011/143] drivers/cdrom/cdrom.c: use kzalloc() for failing hardware Willy Tarreau
2014-05-12 0:32 ` [ 012/143] sctp: deal with multiple COOKIE_ECHO chunks Willy Tarreau
2014-05-12 0:32 ` [ 013/143] sctp: Use correct sideffect command in duplicate cookie handling Willy Tarreau
2014-05-12 0:32 ` [ 014/143] ipv6: ip6_sk_dst_check() must not assume ipv6 dst Willy Tarreau
2014-05-12 0:32 ` [ 015/143] af_key: fix info leaks in notify messages Willy Tarreau
2014-05-12 0:32 ` [ 016/143] af_key: initialize satype in key_notify_policy_flush() Willy Tarreau
2014-05-12 0:32 ` [ 017/143] block: do not pass disk names as format strings Willy Tarreau
2014-05-12 0:32 ` [ 018/143] b43: stop format string leaking into error msgs Willy Tarreau
2014-05-12 0:32 ` [ 019/143] HID: validate HID report id size Willy Tarreau
2014-05-12 0:32 ` [ 020/143] HID: zeroplus: validate output report details Willy Tarreau
2014-05-12 0:32 ` [ 021/143] HID: pantherlord: " Willy Tarreau
2014-05-12 0:32 ` [ 022/143] HID: LG: validate HID " Willy Tarreau
2014-05-12 0:32 ` [ 023/143] HID: check for NULL field when setting values Willy Tarreau
2014-05-12 0:32 ` [ 024/143] HID: provide a helper for validating hid reports Willy Tarreau
2014-05-12 0:32 ` [ 025/143] crypto: api - Fix race condition in larval lookup Willy Tarreau
2014-05-12 0:32 ` [ 026/143] ipv6: tcp: fix panic in SYN processing Willy Tarreau
2014-05-12 0:32 ` [ 027/143] tcp: must unclone packets before mangling them Willy Tarreau
2014-05-12 0:32 ` [ 028/143] net: do not call sock_put() on TIMEWAIT sockets Willy Tarreau
2014-05-12 0:32 ` [ 029/143] net: heap overflow in __audit_sockaddr() Willy Tarreau
2014-05-12 0:32 ` [ 030/143] proc connector: fix info leaks Willy Tarreau
2014-05-12 8:41 ` Christoph Biedl
2014-05-12 8:51 ` Mathias Krause
2014-05-12 8:57 ` Willy Tarreau
2014-05-12 11:43 ` Willy Tarreau
2014-05-12 14:42 ` David Miller
2014-05-12 0:32 ` [ 031/143] can: dev: fix nlmsg size calculation in can_get_size() Willy Tarreau
2014-05-12 0:32 ` [ 032/143] net: vlan: fix nlmsg size calculation in vlan_get_size() Willy Tarreau
2014-05-12 0:32 ` [ 033/143] farsync: fix info leak in ioctl Willy Tarreau
2014-05-12 0:32 ` [ 034/143] connector: use nlmsg_len() to check message length Willy Tarreau
2014-05-12 0:32 ` [ 035/143] net: dst: provide accessor function to dst->xfrm Willy Tarreau
2014-05-12 0:32 ` [ 036/143] sctp: Use software crc32 checksum when xfrm transform will happen Willy Tarreau
2014-05-12 0:32 ` [ 037/143] sctp: Perform software checksum if packet has to be fragmented Willy Tarreau
2014-05-12 0:32 ` [ 038/143] wanxl: fix info leak in ioctl Willy Tarreau
2014-05-12 0:32 ` [ 039/143] davinci_emac.c: Fix IFF_ALLMULTI setup Willy Tarreau
2014-05-12 0:32 ` [ 040/143] resubmit bridge: fix message_age_timer calculation Willy Tarreau
2014-05-12 0:32 ` [ 041/143] ipv6 mcast: use in6_dev_put in timer handlers instead of Willy Tarreau
2014-05-12 0:32 ` [ 042/143] ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put Willy Tarreau
2014-05-12 0:32 ` [ 043/143] dm9601: fix IFF_ALLMULTI handling Willy Tarreau
2014-05-12 0:32 ` [ 044/143] bonding: Fix broken promiscuity reference counting issue Willy Tarreau
2014-05-12 0:32 ` [ 045/143] ll_temac: Reset dma descriptors indexes on ndo_open Willy Tarreau
2014-05-12 0:32 ` [ 046/143] tcp: fix tcp_md5_hash_skb_data() Willy Tarreau
2014-05-12 0:32 ` [ 047/143] ipv6: fix possible crashes in ip6_cork_release() Willy Tarreau
2014-05-12 0:32 ` [ 048/143] ip_tunnel: fix kernel panic with icmp_dest_unreach Willy Tarreau
2014-05-12 0:32 ` [ 049/143] net: sctp: fix NULL pointer dereference in socket destruction Willy Tarreau
2014-05-12 0:32 ` [ 050/143] packet: packet_getname_spkt: make sure string is always 0-terminated Willy Tarreau
2014-05-12 0:32 ` [ 051/143] neighbour: fix a race in neigh_destroy() Willy Tarreau
2014-05-12 0:32 ` [ 052/143] net: Swap ver and type in pppoe_hdr Willy Tarreau
2014-05-12 0:32 ` [ 053/143] sunvnet: vnet_port_remove must call unregister_netdev Willy Tarreau
2014-05-12 0:32 ` [ 054/143] ifb: fix rcu_sched self-detected stalls Willy Tarreau
2014-05-12 0:32 ` [ 055/143] dummy: fix oops when loading the dummy failed Willy Tarreau
2014-05-12 0:32 ` [ 056/143] ifb: fix oops when loading the ifb failed Willy Tarreau
2014-05-12 0:32 ` [ 057/143] vlan: fix a race in egress prio management Willy Tarreau
2014-05-12 0:32 ` [ 058/143] arcnet: cleanup sizeof parameter Willy Tarreau
2014-05-12 0:32 ` [ 059/143] sysctl net: Keep tcp_syn_retries inside the boundary Willy Tarreau
2014-06-11 18:46 ` Luis Henriques
2014-06-11 19:46 ` Willy Tarreau
2014-06-12 12:55 ` Luis Henriques
2014-06-12 13:02 ` Willy Tarreau
2014-06-14 17:50 ` Willy Tarreau
2014-06-20 22:16 ` Eric W. Biederman
2014-06-20 22:58 ` Willy Tarreau
2014-06-21 0:19 ` Eric W. Biederman
2014-05-12 0:33 ` [ 060/143] sctp: fully initialize sctp_outq in sctp_outq_init Willy Tarreau
2014-05-12 0:33 ` [ 061/143] net_sched: Fix stack info leak in cbq_dump_wrr() Willy Tarreau
2014-05-12 0:33 ` [ 062/143] af_key: more info leaks in pfkey messages Willy Tarreau
2014-05-12 0:33 ` [ 063/143] net_sched: info leak in atm_tc_dump_class() Willy Tarreau
2014-05-12 0:33 ` [ 064/143] htb: fix sign extension bug Willy Tarreau
2014-05-12 0:33 ` [ 065/143] net: check net.core.somaxconn sysctl values Willy Tarreau
2014-05-12 0:33 ` [ 066/143] tcp: cubic: fix bug in bictcp_acked() Willy Tarreau
2014-05-12 0:33 ` [ 067/143] ipv6: dont stop backtracking in fib6_lookup_1 if subtree does not Willy Tarreau
2014-05-12 0:33 ` [ 068/143] ipv6: remove max_addresses check from ipv6_create_tempaddr Willy Tarreau
2014-05-12 0:33 ` [ 069/143] ipv6: drop packets with multiple fragmentation headers Willy Tarreau
2014-05-12 0:33 ` [ 070/143] ipv6: Dont depend on per socket memory for neighbour discovery Willy Tarreau
2014-05-12 0:33 ` [ 071/143] ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO Willy Tarreau
2014-05-12 0:33 ` [ 072/143] tipc: fix lockdep warning during bearer initialization Willy Tarreau
2014-05-12 16:04 ` Jon Maloy
2014-05-12 16:16 ` Willy Tarreau
2014-05-12 16:41 ` Jon Maloy
2014-05-12 17:12 ` Willy Tarreau
2014-05-12 17:19 ` Jon Maloy
2014-05-12 18:11 ` Willy Tarreau
2014-05-12 0:33 ` [ 073/143] net: Fix "ip rule delete table 256" Willy Tarreau
2014-05-12 0:33 ` [ 074/143] ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv Willy Tarreau
2014-05-12 0:33 ` [ 075/143] random32: fix off-by-one in seeding requirement Willy Tarreau
2014-05-12 0:33 ` [ 076/143] bonding: fix two race conditions in bond_store_updelay/downdelay Willy Tarreau
2014-05-12 0:33 ` [ 077/143] isdnloop: use strlcpy() instead of strcpy() Willy Tarreau
2014-05-12 0:33 ` [ 078/143] ipv4: fix possible seqlock deadlock Willy Tarreau
2014-05-12 0:33 ` [ 079/143] inet: prevent leakage of uninitialized memory to user in recv Willy Tarreau
2014-05-12 0:33 ` [ 080/143] net: rework recvmsg handler msg_name and msg_namelen logic Willy Tarreau
2014-05-13 12:44 ` Luis Henriques
2014-05-13 12:49 ` Willy Tarreau
2014-05-14 5:45 ` Willy Tarreau
2014-05-12 0:33 ` [ 081/143] net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct Willy Tarreau
2014-05-12 0:33 ` [ 082/143] inet: fix addr_len/msg->msg_namelen assignment in recv_error and Willy Tarreau
2014-05-12 0:33 ` [ 083/143] net: clamp ->msg_namelen instead of returning an error Willy Tarreau
2014-05-14 10:02 ` Dan Carpenter
2014-05-14 12:27 ` Willy Tarreau
2014-05-12 0:33 ` [ 084/143] ipv6: fix leaking uninitialized port number of offender sockaddr Willy Tarreau
2014-05-12 0:33 ` [ 085/143] atm: idt77252: fix dev refcnt leak Willy Tarreau
2014-05-12 0:33 ` [ 086/143] net: core: Always propagate flag changes to interfaces Willy Tarreau
2014-05-12 0:33 ` [ 087/143] bridge: flush brs address entry in fdb when remove the bridge dev Willy Tarreau
2014-05-12 0:33 ` [ 088/143] inet: fix possible seqlock deadlocks Willy Tarreau
2014-05-12 0:33 ` [ 089/143] ipv6: fix possible seqlock deadlock in ip6_finish_output2 Willy Tarreau
2014-05-12 0:33 ` [ 090/143] {pktgen, xfrm} Update IPv4 header total len and checksum after Willy Tarreau
2014-05-12 0:33 ` [ 091/143] net: drop_monitor: fix the value of maxattr Willy Tarreau
2014-05-12 0:33 ` [ 092/143] net: unix: allow bind to fail on mutex lock Willy Tarreau
2014-05-12 0:33 ` [ 093/143] drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl() Willy Tarreau
2014-05-12 0:33 ` [ 094/143] hamradio/yam: fix info leak in ioctl Willy Tarreau
2014-05-12 0:33 ` [ 095/143] rds: prevent dereference of a NULL device Willy Tarreau
2014-05-12 0:33 ` [ 096/143] net: rose: restore old recvmsg behavior Willy Tarreau
2014-05-12 0:33 ` [ 097/143] net: llc: fix use after free in llc_ui_recvmsg Willy Tarreau
2014-05-12 0:33 ` [ 098/143] inet_diag: fix inet_diag_dump_icsk() timewait socket state logic Willy Tarreau
2014-05-12 0:33 ` [ 099/143] net: fix ip rule iif/oif device rename Willy Tarreau
2014-05-12 0:33 ` [ 100/143] tg3: Fix deadlock in tg3_change_mtu() Willy Tarreau
2014-05-12 0:33 ` [ 101/143] bonding: 802.3ad: make aggregator_identifier bond-private Willy Tarreau
2014-05-12 0:33 ` [ 102/143] net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode Willy Tarreau
2014-05-12 0:33 ` [ 103/143] virtio-net: alloc big buffers also when guest can receive UFO Willy Tarreau
2014-05-12 0:33 ` [ 104/143] tg3: Dont check undefined error bits in RXBD Willy Tarreau
2014-05-12 0:33 ` [ 105/143] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH Willy Tarreau
2014-05-12 0:33 ` [ 106/143] net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk Willy Tarreau
2014-05-12 0:33 ` [ 107/143] net: socket: error on a negative msg_namelen Willy Tarreau
2014-05-12 0:33 ` [ 108/143] netlink: dont compare the nul-termination in nla_strcmp Willy Tarreau
2014-05-12 0:33 ` [ 109/143] isdnloop: several buffer overflows Willy Tarreau
2014-05-12 0:33 ` [ 110/143] rds: prevent dereference of a NULL device in rds_iw_laddr_check Willy Tarreau
2014-05-12 0:33 ` [ 111/143] isdnloop: Validate NUL-terminated strings from user Willy Tarreau
2014-05-12 0:33 ` [ 112/143] sctp: unbalanced rcu lock in ip_queue_xmit() Willy Tarreau
2014-05-12 0:33 ` [ 113/143] aacraid: prevent invalid pointer dereference Willy Tarreau
2014-05-12 0:33 ` [ 114/143] ipv6: udp packets following an UFO enqueued packet need also be Willy Tarreau
2014-05-12 0:33 ` [ 115/143] inet: fix possible memory corruption with UDP_CORK and UFO Willy Tarreau
2014-05-12 0:33 ` [ 116/143] vm: add vm_iomap_memory() helper function Willy Tarreau
2014-05-12 0:33 ` [ 117/143] Fix a few incorrectly checked [io_]remap_pfn_range() calls Willy Tarreau
2014-05-12 0:33 ` [ 118/143] libertas: potential oops in debugfs Willy Tarreau
2014-05-12 0:33 ` [ 119/143] x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround Willy Tarreau
2014-05-12 0:34 ` [ 120/143] gianfar: disable TX vlan based on kernel 2.6.x Willy Tarreau
2014-05-12 0:34 ` [ 121/143] [CPUFREQ] powernow-k6: set transition latency value so ondemand Willy Tarreau
2014-05-12 0:34 ` [ 122/143] powernow-k6: disable cache when changing frequency Willy Tarreau
2014-05-12 0:34 ` [ 123/143] powernow-k6: correctly initialize default parameters Willy Tarreau
2014-05-12 0:34 ` [ 124/143] powernow-k6: reorder frequencies Willy Tarreau
2014-05-12 0:34 ` [ 125/143] tcp: fix tcp_trim_head() to adjust segment count with skb MSS Willy Tarreau
2014-05-12 0:34 ` [ 126/143] tcp_cubic: limit delayed_ack ratio to prevent divide error Willy Tarreau
2014-05-12 0:34 ` [ 127/143] tcp_cubic: fix the range of delayed_ack Willy Tarreau
2014-05-12 0:34 ` [ 128/143] n_tty: Fix n_tty_write crash when echoing in raw mode Willy Tarreau
2014-05-12 0:34 ` [ 129/143] exec/ptrace: fix get_dumpable() incorrect tests Willy Tarreau
2014-05-12 0:34 ` [ 130/143] ipv6: call udp_push_pending_frames when uncorking a socket with Willy Tarreau
2014-05-12 0:34 ` [ 131/143] dm snapshot: fix data corruption Willy Tarreau
2014-05-12 0:34 ` [ 132/143] crypto: ansi_cprng - Fix off by one error in non-block size request Willy Tarreau
2014-05-12 0:34 ` [ 133/143] uml: check length in exitcode_proc_write() Willy Tarreau
2014-05-12 0:34 ` [ 134/143] KVM: Improve create VCPU parameter (CVE-2013-4587) Willy Tarreau
2014-05-12 0:34 ` [ 135/143] KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) Willy Tarreau
2014-05-12 0:34 ` [ 136/143] qeth: avoid buffer overflow in snmp ioctl Willy Tarreau
2014-05-12 0:34 ` [ 137/143] xfs: underflow bug in xfs_attrlist_by_handle() Willy Tarreau
2014-05-13 11:08 ` Luis Henriques
2014-05-13 11:18 ` Willy Tarreau
2014-05-14 9:50 ` Dan Carpenter
2014-05-22 8:19 ` Dan Carpenter
2014-05-12 0:34 ` [ 138/143] aacraid: missing capable() check in compat ioctl Willy Tarreau
2014-05-12 0:34 ` Willy Tarreau [this message]
2014-05-12 0:34 ` [ 140/143] s390: fix kernel crash due to linkage stack instructions Willy Tarreau
2014-05-12 0:34 ` [ 141/143] netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages Willy Tarreau
2014-05-12 0:34 ` [ 142/143] floppy: ignore kernel-only members in FDRAWCMD ioctl input Willy Tarreau
2014-05-12 0:34 ` [ 143/143] floppy: dont write kernel-only members to FDRAWCMD ioctl output Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140512003206.481766803@1wt.eu \
--to=w@1wt.eu \
--cc=linux-kernel@vger.kernel.org \
--cc=pmoore@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox