From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Tue, 22 Jul 2014 16:59:03 -0700 From: Greg KH To: Andy Lutomirski Cc: Kamal Mostafa , "linux-kernel@vger.kernel.org" , stable , kernel-team@lists.ubuntu.com, Roland McGrath , "H. Peter Anvin" Subject: Re: [PATCH 3.8 106/116] x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508) Message-ID: <20140722235903.GA12525@kroah.com> References: <1406067727-19683-1-git-send-email-kamal@canonical.com> <1406067727-19683-107-git-send-email-kamal@canonical.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-ID: On Tue, Jul 22, 2014 at 03:27:59PM -0700, Andy Lutomirski wrote: > On Tue, Jul 22, 2014 at 3:21 PM, Kamal Mostafa wrote: > > 3.8.13.27 -stable review patch. If anyone has any objections, please let me know. > > > > ------------------ > > > > From: Andy Lutomirski > > > > commit 554086d85e71f30abe46fc014fea31929a7c6a8a upstream. > > > > The bad syscall nr paths are their own incomprehensible route > > through the entry control flow. Rearrange them to work just like > > syscalls that return -ENOSYS. > > > > This fixes an OOPS in the audit code when fast-path auditing is > > enabled and sysenter gets a bad syscall nr (CVE-2014-4508). > > > > This has probably been broken since Linux 2.6.27: > > af0575bba0 i386 syscall audit fast-path > > Don't apply this without: > > https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?h=x86/urgent&id=8142b215501f8b291a108a202b3a053a265b03dd > > Sorry! As that isn't in Linus's tree yet, don't apply that one either... thanks, greg k-h