From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
To: Ben Hutchings <ben@decadent.org.uk>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Doug Ledford <dledford@redhat.com>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
Jann Horn <jann@thejh.net>
Subject: Re: [PATCH 3.2 31/46] IB/security: Restrict use of the write() interface
Date: Tue, 14 Jun 2016 23:04:04 +0100 [thread overview]
Message-ID: <57607F54.6050600@gmail.com> (raw)
In-Reply-To: <1465939407.3529.254.camel@decadent.org.uk>
On Tuesday 14 June 2016 10:23 PM, Ben Hutchings wrote:
> On Tue, 2016-06-14 at 22:11 +0100, Sudip Mukherjee wrote:
>> On Sunday 12 June 2016 10:34 PM, Ben Hutchings wrote:
>>> 3.2.81-rc1 review patch. If anyone has any objections, please let
>>> me know.
>>>
>>> ------------------
>>>
>>> From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
>>>
>>> commit e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 upstream.
>>>
>>> The drivers/infiniband stack uses write() as a replacement for
>>> bi-directional ioctl(). This is not safe. There are ways to
>>> trigger write calls that result in the return structure that
>>> is normally written to user space being shunted off to user
>>> specified kernel memory instead.
>>>
>>
>> <snip>
>>
>>> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
>>> ---
>>> --- a/drivers/infiniband/core/ucm.c
>>> +++ b/drivers/infiniband/core/ucm.c
>>> @@ -48,6 +48,7 @@
>>>
>>> #include <asm/uaccess.h>
>>>
>>> +#include <rdma/ib.h>
>>
>> This is breaking the build. There is no rdma/ib.h .
>
> This backported patch adds it.
>
>> The file was created by:
>> 8d36eb01da5d ("RDMA/cma: Define native IB address")
>>
>> build log is at: https://gitlab.com/sudipm/linux-next/builds/1771265
>
> It looks like your patch queue tester doesn't account for patches that
> create new files.
oops... after applying your combined diff I added them to git with
git add -u , and that doesnot take care of new files. sorry for the
noise. I should have been more careful.
But the other failure is not noise. :)
Regards
Sudip
next prev parent reply other threads:[~2016-06-14 22:04 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-12 21:34 [PATCH 3.2 00/46] 3.2.81-rc1 review Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 13/46] nl80211: check netlink protocol in socket release notification Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 05/46] crypto: gcm - fix rfc4543 to handle async crypto correctly Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 15/46] usb: xhci: fix wild pointers in xhci_mem_cleanup Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 07/46] x86: Add 1/2/4/8 byte optimization to 64bit __copy_{from,to}_user_inatomic Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 06/46] crypto: gcm - Fix rfc4543 decryption crash Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 16/46] USB: uas: Add a new NO_REPORT_LUNS quirk Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 03/46] x86/microcode/amd: Extract current patch level read to a function Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 02/46] Revert "net: validate variable length ll headers" Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 18/46] Input: pmic8xxx-pwrkey - fix algorithm for converting trigger delay Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 09/46] ipmi: fix timeout calculation when bmc is disconnected Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 08/46] x86, sparse: Do not force removal of __user when calling copy_to/from_user_nocheck() Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 17/46] usb: hcd: out of bounds access in for_each_companion Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 12/46] kvm: x86: do not leak guest xcr0 into host interrupt handlers Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 01/46] Revert "ax25: add link layer header validation function" Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 14/46] usb: xhci: applying XHCI_PME_STUCK_QUIRK to Intel BXT B0 host Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 04/46] x86/microcode/amd: Do not overwrite final patch levels Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 10/46] Input: gtco - fix crash on detecting device without endpoints Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 11/46] libahci: save port map for forced port map Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 30/46] drm/i915: Fix system resume if PCI device remained enabled Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 33/46] mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 37/46] drm/radeon: make sure vertical front porch is at least 1 Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 40/46] proc: prevent accessing /proc/<PID>/environ until it's ready Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 31/46] IB/security: Restrict use of the write() interface Ben Hutchings
2016-06-14 21:11 ` Sudip Mukherjee
2016-06-14 21:23 ` Ben Hutchings
2016-06-14 22:04 ` Sudip Mukherjee [this message]
2016-06-12 21:34 ` [PATCH 3.2 44/46] net: fix infoleak in llc Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 32/46] thp: introduce hugepage_vma_check() Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 39/46] crypto: hash - Fix page length clamping in hash walk Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 38/46] ACPICA: Dispatcher: Update thread ID for recursive method calls Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 34/46] EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from mce_decoder callback Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 35/46] Make hash_64() use a 64-bit multiply when appropriate Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 22/46] mm: hugetlb: allow hugepages_supported to be architecture specific Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 45/46] net: fix infoleak in rtnetlink Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 21/46] hugetlb: ensure hugepage access is denied if hugepages are not supported Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 29/46] USB: serial: cp210x: add Straizona Focusers device ids Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 23/46] s390/hugetlb: add hugepages_supported define Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 28/46] USB: serial: cp210x: add ID for Link ECU Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 25/46] batman-adv: Check skb size before using encapsulated ETH+VLAN header Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 19/46] powerpc: scan_features() updates incorrect bits for REAL_LE Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 41/46] parisc: fix a bug when syscall number of tracee is __NR_Linux_syscalls Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 46/46] net: fix a kernel infoleak in x25 module Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 27/46] batman-adv: Fix broadcast/ogm queue limit on a removed interface Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 24/46] x86/mm/xen: Suppress hugetlbfs in PV guests Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 42/46] get_rock_ridge_filename(): handle malformed NM entries Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 20/46] atl2: Disable unimplemented scatter/gather feature Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 26/46] batman-adv: Reduce refcnt of removed router when updating route Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 43/46] nf_conntrack: avoid kernel pointer value leak in slab name Ben Hutchings
2016-06-12 21:34 ` [PATCH 3.2 36/46] Minimal fix-up of bad hashing behavior of hash_64() Ben Hutchings
2016-06-12 23:13 ` [PATCH 3.2 00/46] 3.2.81-rc1 review Guenter Roeck
2016-06-12 23:49 ` Ben Hutchings
2016-06-13 18:45 ` Ben Hutchings
2016-06-14 21:56 ` Sudip Mukherjee
2016-06-14 22:16 ` Ben Hutchings
2016-06-14 22:35 ` Sudip Mukherjee
2017-10-08 18:55 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57607F54.6050600@gmail.com \
--to=sudipm.mukherjee@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=ben@decadent.org.uk \
--cc=dledford@redhat.com \
--cc=jann@thejh.net \
--cc=jgunthorpe@obsidianresearch.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox