From: Zubin Mithra <zsm@chromium.org>
To: stable@vger.kernel.org
Cc: groeck@chromium.org, gregkh@linuxfoundation.org,
ebiggers@google.com, dhowells@redhat.com, jmorris@namei.org,
serge@hallyn.com
Subject: 4aa68e07d845 ("KEYS: restrict /proc/keys by credentials at open time")
Date: Thu, 14 Mar 2019 09:30:42 -0700
Message-ID: <20190314163040.GA36815@google.com>

Hello,

Syzkaller has triggered a kernel BUG when fuzzing a 4.4 kernel with the following stacktrace.

Call Trace:
 [<ffffffff818568d5>] construct_alloc_key security/keys/request_key.c:388 [inline]
 [<ffffffff818568d5>] construct_key_and_link security/keys/request_key.c:479 [inline]
 [<ffffffff818568d5>] request_key_and_link+0x49b/0x8c5 security/keys/request_key.c:594
 [<ffffffff8184fb08>] SYSC_request_key security/keys/keyctl.c:213 [inline]
 [<ffffffff8184fb08>] SyS_request_key+0x1ac/0x2a2 security/keys/keyctl.c:158
 [<ffffffff832bec3a>] entry_SYSCALL_64_fastpath+0x31/0xb3

Could the following patches be applied to v4.4.y?
* 4aa68e07d845 ("KEYS: restrict /proc/keys by credentials at open time")
* ede0fa98a900 ("KEYS: always initialize keyring_index_key::desc_len")

Note: queue-4.4 currently has a backport for "keys-always-initialize-keyring_index_key-desc_len.patch".
This request is to apply the 2 patches above instead of just one, to 4.4.y,
as the first patch is a bugfix as well. They apply cleanly if applied one after another.

Tests:
* Chrome OS tryjob
* Syzkaller reproducer
* Test to check if 4aa68e07d845 works as intended

Thanks,
- Zubin