[PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
@ 2019-04-16 12:37 Fuqian Huang
  2019-04-16 12:46 ` Greg KH
  0 siblings, 1 reply; 9+ messages in thread
From: Fuqian Huang @ 2019-04-16 12:37 UTC (permalink / raw)
  Cc: Fuqian Huang, # v4 . 14 . x

From: Fuqian Huang <huangfq.daxian@gmail.com>

commit c0a68944b036ee4856658c6a5c2c4cc030a1c587 upstream

Outputting kernel addresses will reveal the locations of kernel code
and data. And there is no need to print the address of
function idt77252_init in idt77252_init.
This case is similar to CVE-2018-7273[1].
Just remove the print statement.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7273

Cc: <Stable@vger.kernel.org> # v4.14.x
Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
---
 drivers/atm/idt77252.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
index 47f3c4a..76e7736 100644
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -3743,8 +3743,6 @@ static int __init idt77252_init(void)
 {
 	struct sk_buff *skb;

-	printk("%s: at %p\n", __func__, idt77252_init);
-
 	if (sizeof(skb->cb) < sizeof(struct atm_skb_data) +
 			      sizeof(struct idt77252_skb_prv)) {
 		printk(KERN_ERR "%s: skb->cb is too small (%lu < %lu)\n",
--
2.11.0


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* Re: [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
  2019-04-16 12:37 [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252 Fuqian Huang
@ 2019-04-16 12:46 ` Greg KH
  2019-04-16 14:27   ` Fuqian Huang
  0 siblings, 1 reply; 9+ messages in thread
From: Greg KH @ 2019-04-16 12:46 UTC (permalink / raw)
  To: Fuqian Huang; +Cc: Stable

On Tue, Apr 16, 2019 at 08:37:17PM +0800, Fuqian Huang wrote:
> From: Fuqian Huang <huangfq.daxian@gmail.com>
> 
> commit c0a68944b036ee4856658c6a5c2c4cc030a1c587 upstream

I do not see that git commit id in Linus's tree, are you sure it is
there?

And your email seems to be messing up the cc: line, please fix that up.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
  2019-04-16 12:46 ` Greg KH
@ 2019-04-16 14:27   ` Fuqian Huang
  2019-04-17  6:14     ` Greg KH
  0 siblings, 1 reply; 9+ messages in thread
From: Fuqian Huang @ 2019-04-16 14:27 UTC (permalink / raw)
  To: Greg KH; +Cc: stable

uh, it seems that i misunderstood the manual.
If i just submit a patch to fix a bug in 4.14 which not exists in
upstream, need i add a commit-id line to the mail body?
It is ok that I remove the commitid line and resend the patch?
Sorry about that. This my first patch submit to stable tree.

Greg KH <gregkh@linuxfoundation.org> 於 2019年4月16日週二 下午8:57寫道：
>
> On Tue, Apr 16, 2019 at 08:37:17PM +0800, Fuqian Huang wrote:
> > From: Fuqian Huang <huangfq.daxian@gmail.com>
> >
> > commit c0a68944b036ee4856658c6a5c2c4cc030a1c587 upstream
>
> I do not see that git commit id in Linus's tree, are you sure it is
> there?
>
> And your email seems to be messing up the cc: line, please fix that up.
>
> thanks,
>
> greg k-h

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
  2019-04-16 14:27   ` Fuqian Huang
@ 2019-04-17  6:14     ` Greg KH
  0 siblings, 0 replies; 9+ messages in thread
From: Greg KH @ 2019-04-17  6:14 UTC (permalink / raw)
  To: Fuqian Huang; +Cc: stable

On Tue, Apr 16, 2019 at 10:27:51PM +0800, Fuqian Huang wrote:
> uh, it seems that i misunderstood the manual.
> If i just submit a patch to fix a bug in 4.14 which not exists in
> upstream, need i add a commit-id line to the mail body?

You need to explain in great detail _why_ the commit is not needed
in Linus's tree for me to be able to accept the patch.

> It is ok that I remove the commitid line and resend the patch?

Yes please, and add lots of text to the changelog area explaining why
this is only needed in this one specific kernel tree.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
@ 2019-04-18  7:17 Fuqian Huang
  2019-04-18  7:42 ` Greg KH
  0 siblings, 1 reply; 9+ messages in thread
From: Fuqian Huang @ 2019-04-18  7:17 UTC (permalink / raw)
  Cc: Stable, Fuqian Huang

From: Fuqian Huang <huangfq.daxian@gmail.com>

As there is still no hash for %p to print the address in linux 4.14,
the address of function idt77252_init will be printed to syslog.
Outputting kernel addresses will reveal the locations of kernel code
and data. This case is similar to CVE-2018-7273[1].

Also, there is no need to print the address of
function idt77252_init in idt77252_init.
Just remove the print statement.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7273

Cc: <Stable@vger.kernel.org> # v4.14+
Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
---
 drivers/atm/idt77252.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
index 47f3c4a..76e7736 100644
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -3743,8 +3743,6 @@ static int __init idt77252_init(void)
 {
 	struct sk_buff *skb;

-	printk("%s: at %p\n", __func__, idt77252_init);
-
 	if (sizeof(skb->cb) < sizeof(struct atm_skb_data) +
 			      sizeof(struct idt77252_skb_prv)) {
 		printk(KERN_ERR "%s: skb->cb is too small (%lu < %lu)\n",
--
2.11.0


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* Re: [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
  2019-04-18  7:17 Fuqian Huang
@ 2019-04-18  7:42 ` Greg KH
  0 siblings, 0 replies; 9+ messages in thread
From: Greg KH @ 2019-04-18  7:42 UTC (permalink / raw)
  To: Fuqian Huang; +Cc: Stable

On Thu, Apr 18, 2019 at 03:17:21PM +0800, Fuqian Huang wrote:
> From: Fuqian Huang <huangfq.daxian@gmail.com>
> 
> As there is still no hash for %p to print the address in linux 4.14,
> the address of function idt77252_init will be printed to syslog.
> Outputting kernel addresses will reveal the locations of kernel code
> and data. This case is similar to CVE-2018-7273[1].
> 
> Also, there is no need to print the address of
> function idt77252_init in idt77252_init.
> Just remove the print statement.
> 
> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7273
> 
> Cc: <Stable@vger.kernel.org> # v4.14+
> Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
> ---
>  drivers/atm/idt77252.c | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
> index 47f3c4a..76e7736 100644
> --- a/drivers/atm/idt77252.c
> +++ b/drivers/atm/idt77252.c
> @@ -3743,8 +3743,6 @@ static int __init idt77252_init(void)
>  {
>  	struct sk_buff *skb;
> 
> -	printk("%s: at %p\n", __func__, idt77252_init);

If you look at commit ad67b74d2469 ("printk: hash addresses printed with
%p"), I think you missed about 14000 other instances you need to fix up :)

I suggest, if you really care about this issue in your 4.14-based kernel
tree, that you just backport these pointer printk patches and be done
with it.  That's too big of a change to accept into the 4.14.y LTS
kernel, but as the lifespan for 4.14.y running on a "general purpose"
system is probably only a few more months at most, I would recomment
just using 4.19.y instead as this isn't an issue at all there.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
@ 2019-04-16 12:31 Fuqian Huang
  0 siblings, 0 replies; 9+ messages in thread
From: Fuqian Huang @ 2019-04-16 12:31 UTC (permalink / raw)
  Cc: Fuqian Huang, # v4 . 14 . x

From: Fuqian Huang <huangfq.daxian@gmail.com>

commit c0a68944b036ee4856658c6a5c2c4cc030a1c587 upstream

Outputting kernel addresses will reveal the locations of kernel code
and data. And there is no need to print the address of
function idt77252_init in idt77252_init.
This case is similar to CVE-2018-7273[1].
Just remove the print statement.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7273

Cc: <Stable@vger.kernel.org> # v4.14.x
Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
---
 drivers/atm/idt77252.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
index 47f3c4a..76e7736 100644
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -3743,8 +3743,6 @@ static int __init idt77252_init(void)
 {
 	struct sk_buff *skb;

-	printk("%s: at %p\n", __func__, idt77252_init);
-
 	if (sizeof(skb->cb) < sizeof(struct atm_skb_data) +
 			      sizeof(struct idt77252_skb_prv)) {
 		printk(KERN_ERR "%s: skb->cb is too small (%lu < %lu)\n",
--
2.11.0


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
@ 2019-04-16  7:11 Fuqian Huang
  2019-04-16  8:57 ` Greg KH
  0 siblings, 1 reply; 9+ messages in thread
From: Fuqian Huang @ 2019-04-16  7:11 UTC (permalink / raw)
  Cc: stable, Fuqian Huang

Outputting kernel addresses will reveal the locations of kernel code
and data. And there is no need to print the address of 
function idt77252_init in idt77252_init. 
This case is similar to CVE-2018-7273[1].
Just remove the print statement.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7273

Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
---
 drivers/atm/idt77252.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
index 47f3c4a..76e7736 100644
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -3743,8 +3743,6 @@ static int __init idt77252_init(void)
 {
 	struct sk_buff *skb;
 
-	printk("%s: at %p\n", __func__, idt77252_init);
-
 	if (sizeof(skb->cb) < sizeof(struct atm_skb_data) +
 			      sizeof(struct idt77252_skb_prv)) {
 		printk(KERN_ERR "%s: skb->cb is too small (%lu < %lu)\n",
-- 
2.11.0


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* Re: [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252
  2019-04-16  7:11 Fuqian Huang
@ 2019-04-16  8:57 ` Greg KH
  0 siblings, 0 replies; 9+ messages in thread
From: Greg KH @ 2019-04-16  8:57 UTC (permalink / raw)
  To: Fuqian Huang; +Cc: stable

On Tue, Apr 16, 2019 at 03:11:14PM +0800, Fuqian Huang wrote:
> Outputting kernel addresses will reveal the locations of kernel code
> and data. And there is no need to print the address of 
> function idt77252_init in idt77252_init. 
> This case is similar to CVE-2018-7273[1].
> Just remove the print statement.
> 
> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7273
> 
> Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
> ---
>  drivers/atm/idt77252.c | 2 --
>  1 file changed, 2 deletions(-)

<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree.  Please read:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.

</formletter>

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2019-04-18  7:42 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-16 12:37 [PATCH 4.14] atm:idt77252: Fix a kernel address leakage in idt77252 Fuqian Huang
2019-04-16 12:46 ` Greg KH
2019-04-16 14:27   ` Fuqian Huang
2019-04-17  6:14     ` Greg KH
  -- strict thread matches above, loose matches on Subject: below --
2019-04-18  7:17 Fuqian Huang
2019-04-18  7:42 ` Greg KH
2019-04-16 12:31 Fuqian Huang
2019-04-16  7:11 Fuqian Huang
2019-04-16  8:57 ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).