Date: Tue, 18 Sep 2018 16:02:05 +0200
From: Stefan Richter
To: Jann Horn
Cc: Randy Dunlap, linux1394-devel@lists.sourceforge.net, kernel list
Subject: Re: [PATCH] firewire: nosy: don't read packets bigger than requested
Message-ID: <20180918160205.1e636d40@kant>
References: <20180706151649.31119-1-jannh@google.com>

On Sep 03 Randy Dunlap wrote:
> On 09/03/2018 08:55 AM, Jann Horn wrote:
> > On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
> >> In general, accessing userspace memory beyond the length of the supplied
> >> buffer in VFS read/write handlers can lead to both kernel memory corruption
> >> (via kernel_read()/kernel_write(), which can e.g. be triggered via
> >> sys_splice()) and privilege escalation inside userspace.
> >>
> >> Fixes: 286468210d83 ("firewire: new driver: nosy - IEEE 1394 traffic sniffer")
> >> Signed-off-by: Jann Horn
[...]
> >>  drivers/firewire/nosy.c | 5 +++--
> >>  1 file changed, 3 insertions(+), 2 deletions(-)
[...]
> > Ping. I sent this about two months ago, I haven't received a reply,
> > and from what I can tell, it hasn't landed in any tree so far...
> >
> > :(

> I have that same problem with some Firewire documentation patches.
> I plan to ask someone else to merge my patches.

Jann, sorry for not responding in July (was buried in other work and been
effectively absent from maintainership for many months). And sorry for
missing your ping in September (it must have been misplaced into the spam
folder and I apparently overlooked it there).

This week is another one in which I will not be able to check your patch.
Next week I will have a vacation of sorts and will use it to (a) review and
merge your patch and (b) clean out my mailbox and update my mail sorting
filters (long overdue after my mail service provider changed backends).

Again sorry, and thank you for your extraordinary patience.
-- 
Stefan Richter
-======---=- =--= =--=-
http://arcgraph.de/sr/
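
The bug class named in the quoted commit message, as an added example that is not part of this thread and is not the nosy driver's code: a userspace model of a read handler that copies a queued packet without comparing its length to the length the caller requested, beside a checked version. The names `struct packet`, `read_packet_unchecked`, `read_packet_checked` and `bytes_clobbered` are hypothetical, `memcpy` stands in for `copy_to_user()`, and returning `-EMSGSIZE` is this example's choice, not necessarily what the patch does.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed userspace model of a queued packet; not the nosy driver's code. */
struct packet {
    size_t length;              /* size recorded when the packet was queued */
    unsigned char data[64];
};

typedef long (*reader_fn)(const struct packet *, unsigned char *, size_t);

/* Flawed handler: copies the packet's own length, ignoring user_length. */
long read_packet_unchecked(const struct packet *p, unsigned char *ubuf,
                           size_t user_length)
{
    (void)user_length;
    memcpy(ubuf, p->data, p->length);   /* stands in for copy_to_user() */
    return (long)p->length;
}

/* Checked handler: never writes more than the caller asked for. */
long read_packet_checked(const struct packet *p, unsigned char *ubuf,
                         size_t user_length)
{
    if (p->length > sizeof(p->data))
        return -EIO;                    /* corrupt queue entry */
    if (p->length > user_length)
        return -EMSGSIZE;               /* error policy is this example's choice */
    memcpy(ubuf, p->data, p->length);
    return (long)p->length;
}

/* Runs a handler against a guarded region and counts bytes written past
 * user_length. The region is larger than user_length so the flawed handler's
 * overrun stays inside this array and can be measured safely. */
size_t bytes_clobbered(reader_fn reader, size_t pkt_len, size_t user_length,
                       long *ret)
{
    unsigned char region[64];
    struct packet p = { .length = pkt_len > 64 ? 64 : pkt_len };
    size_t i, n = 0;

    memset(p.data, 0x11, sizeof(p.data));
    memset(region, 0xAA, sizeof(region));   /* 0xAA marks untouched bytes */
    *ret = reader(&p, region, user_length);
    for (i = user_length; i < sizeof(region); i++)
        n += region[i] != 0xAA;
    return n;
}
```

With a 16-byte packet and an 8-byte request, the unchecked handler overwrites 8 bytes beyond the requested length, while the checked handler writes nothing and reports an error.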