From: Sasha Levin
To: Jiri Slaby, LKML, stable
Cc: lwn@lwn.net
Subject: Re: stable-security kernel updates
Date: Thu, 21 Apr 2016 07:11:57 -0400
Message-ID: <5718B57D.4000504@oracle.com>
In-Reply-To: <571876AB.2060106@suse.cz>

On 04/21/2016 02:43 AM, Jiri Slaby wrote:
> On 04/20/2016, 09:50 PM, Sasha Levin wrote:
>> Updates for stable-security kernels have been released:
>>
>> - v3.12.58-security
>
> I suggest nobody uses that kernel.
>
> That tree does not make much sense to me.
> For example, what's the
> purpose of "kernel: Provide READ_ONCE and ASSIGN_ONCE" (commit
> 230fa253df6352af12ad0a16128760b5cb3f92df upstream) without actually
> using the added macros (this commit was only a prerequisite)?

Looking at this, I believe that my scripts failed to merge the follow up
commit, and I missed that. I'll improve this so it won't happen in the future.
Thank you for this report.

> Ok, not that bad, it is only unused code, but why are *not* these in the
> security tree?
> ipr: Fix out-of-bounds null overwrite

Is there a particular way to exploit this that I'm missing?

> Input: powermate - fix oops with malicious USB descriptors

This requires physical access to the machine.

> rapidio/rionet: fix deadlock on SMP

Seemed a bit borderline I suppose. There's nothing specific the user can
do to actually trigger this?

Another thing to note here is that security patch selection database is
shared between versions, so if a given commit gets marked as security later
on (someone figured out it's a CVE or something similar), it'll get added to
the stable-security tree even if it was initially skipped.

So I've also ended up auditing the 3.12 for missing CVE fixes and these ones
ended up being at the top of the list. Could you explain why they are not in
the 3.12 stable tree (and as a result can't get to users of the corresponding
stable-security tree)?

(CVE-2015-7513) 0185604 KVM: x86: Reload pit counters for all channels when restoring state
(CVE-2015-8539) 096fe9e KEYS: Fix handling of stored error in a negatively instantiated user key
(CVE-2016-2085) 613317b EVM: Use crypto_memneq() for digest comparisons

So while the stable-security tree might be missing commits that might or
might not have security impact, it seems the 3.12 tree itself is missing
fixes for privilege escalation CVEs from last year.

Should I be recommending that no one uses 3.12?

Thanks,
Sasha
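
The kind of audit discussed in this message, as an added example that is not part of the original e-mail and is not the script either participant used: it reads stable-branch `git log` text, collects the mainline commit ids that backports cite ("commit <sha> upstream." or "[ Upstream commit <sha> ]"), and reports which wanted fixes have no backport. The log text, the function names and the placeholder hashes made of repeated digits are constructed; the abbreviated ids and the one full id come from the message.

```python
import re

# Stable backports cite their mainline origin in the commit body, either as
# "commit <40-hex> upstream." or as "[ Upstream commit <40-hex> ]".
UPSTREAM_RE = re.compile(
    r"commit\s+([0-9a-f]{40})\s+upstream"
    r"|\[\s*Upstream commit\s+([0-9a-f]{40})\s*\]",
    re.IGNORECASE,
)

def upstream_ids(log_text):
    """Return the set of full mainline ids cited by backports in the log."""
    return {(a or b).lower() for a, b in UPSTREAM_RE.findall(log_text)}

def missing_fixes(wanted, log_text):
    """wanted maps an abbreviated mainline id to a label (e.g. a CVE).
    Returns the entries that no backport in log_text cites.
    Abbreviated ids are matched by prefix, so keep them long enough
    to be unambiguous in the tree being audited."""
    present = upstream_ids(log_text)
    return {
        short: label
        for short, label in wanted.items()
        if not any(full.startswith(short.lower()) for full in present)
    }

# Constructed `git log` excerpt for a stable branch (not real tree contents).
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111
Author: Constructed Author <author@example.org>

    kernel: Provide READ_ONCE and ASSIGN_ONCE

    commit 230fa253df6352af12ad0a16128760b5cb3f92df upstream.

commit 2222222222222222222222222222222222222222
Author: Constructed Author <author@example.org>

    example: constructed unrelated fix

    [ Upstream commit 3333333333333333333333333333333333333333 ]
"""

# Ids and CVE labels as quoted in the message above.
WANTED = {
    "230fa25": "READ_ONCE/ASSIGN_ONCE prerequisite",
    "0185604": "CVE-2015-7513",
    "096fe9e": "CVE-2015-8539",
    "613317b": "CVE-2016-2085",
}

if __name__ == "__main__":
    for short, label in missing_fixes(WANTED, SAMPLE_LOG).items():
        print(f"no backport cites {short} ({label})")
```

Against a real tree, the log text would come from `git log` on the stable branch; a fix reported here still needs a manual check, since a backport can land without the citation line.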