Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp1559702ybs; Mon, 25 May 2020 20:27:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx/wNUG/qNafGrimr6lmirr4U3sk0aBfrMwkklt1xxunTXFHy52qQZhq+bpcHhp/GaeUM9G X-Received: by 2002:a05:6402:1adc:: with SMTP id ba28mr17728564edb.14.1590463639967; Mon, 25 May 2020 20:27:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590463639; cv=none; d=google.com; s=arc-20160816; b=kzDOhMi78vk8JD3tbb/64hvFIO1D3UghhbwLLj7a+CsCnVnGnob03Ai6a5+yh/QDQH Av0TNVfETFmkcaTWcH9F6UrjGmGHXQpg075Bhjl1A+APMtVMpfHZ+8cstIcmt1yt+uCh E2r31KLYFzP2ruA10t3dD0ogGHVrrltHwlrHO0WuBQUmKkyx12NWTjU5CbyjRB6orHsn 17xDS5dF3FHMVfXkUh+cYjFFW2053dwCbWFDRZffDeAdHmf8o68Lw9C3A2ak8QQ9oWjN 3FcJKV8SaDcmelapseNkKPv3IORaoda6O+s1FtT8Y85R05X+vfhCal0ie4g7tl6W8/kh 32Cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:dkim-signature; bh=fYtbna4q9fnNrZd1Bcjb160n7/fhMyojJOvccGeqRJw=; b=wJudeGqrjPBBaqT7OqzhI9OcDc1PSgcrZ1+xZPCbNQHFChpbJ248HFp+2f1UMjearP KU8cD5iMgQr3jxJd8oyQJrqADOz13l7q79gRVOqAC0EaMr53/PCIN0JDIoQ3K9FcuUH5 8Hh14jyIbs6A0f56hR8yFtV8rVSjefyJ3MCUxlqSW3ET5/CHc17p9/mK+Mi1ZJ8ghQhg bik4JfJs91WJV+f7yJJs5y8lMdkz/4h4RYhKofTKldzL7HyYsRLSEm+wvOOeEdEse1dM 06IdbJcSyM0PWmRqrGQXdJ3rsk1EAqvSptc6kuIPDohGhgeCAoSWyioPa5IDSM9p3gz+ rUsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ellerman.id.au header.s=201909 header.b=c7I+JSwB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gz16si11170395ejb.384.2020.05.25.20.26.57; Mon, 25 May 2020 20:27:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ellerman.id.au header.s=201909 header.b=c7I+JSwB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388571AbgEZDZT (ORCPT + 99 others); Mon, 25 May 2020 23:25:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56834 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388478AbgEZDZS (ORCPT ); Mon, 25 May 2020 23:25:18 -0400 Received: from ozlabs.org (bilbo.ozlabs.org [IPv6:2401:3900:2:1::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 681E4C061A0E for ; Mon, 25 May 2020 20:25:18 -0700 (PDT) Received: from authenticated.ozlabs.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.ozlabs.org (Postfix) with ESMTPSA id 49WK8n41JWz9sRW; Tue, 26 May 2020 13:25:13 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ellerman.id.au; s=201909; t=1590463515; bh=EuyE1DTbxcWhCkVOvnT3Nye5fIuEnQS303Y4ecOW4aA=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=c7I+JSwBWE0cUqbYPa7xs6INyMPaS3afiQUhP1Q8CifNu73WVZJZkdgXYlEpvgf5G 4oMnFAYK94XPOwaYcNgAn2hZ4PQwEqAxkVi5Or3xztH9tLXdnDiN0auD/x/+SmEPi4 dmlMdr1Yp1nfgXh4PT7/J4osQZTadbUmReJfdQh331dCHKkji6h63JXkG4ve0WpHKE kbr2J4c1Z6khtVD4eAuvfaFify7x78t1cLOlrRgk0iNONukXge0RhDYDrLD6I7MRyq gT1Df0FkqzKti0Rr+WXOe8Ksfq3YFvW9VThe+R9godADWqeevOTbxuBRV0h30kkjq1 pbm687WNakNqA== From: Michael Ellerman To: Andrew Morton Cc: linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk, ajd@linux.ibm.com, syzbot+1e925b4b836afe85a1c6@syzkaller-ppc64.appspotmail.com, syzbot+587b2421926808309d21@syzkaller-ppc64.appspotmail.com, syzbot+58320b7171734bf79d26@syzkaller.appspotmail.com, syzbot+d6074fb08bdb2e010520@syzkaller.appspotmail.com, Guenter Roeck , Daniel Axtens , Salvatore Bonaccorso , David Rientjes Subject: Re: [PATCH v2] relay: handle alloc_percpu returning NULL in relay_open In-Reply-To: <87ftbo232s.fsf@dja-thinkpad.axtens.net> References: <20191219121256.26480-1-dja@axtens.net> <20200521152514.GA2868125@eldamar.local> <87ftbo232s.fsf@dja-thinkpad.axtens.net> Date: Tue, 26 May 2020 13:25:36 +1000 Message-ID: <878shffkcv.fsf@mpe.ellerman.id.au> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ + akpm ] Daniel Axtens writes: >>> > Check if alloc_percpu returns NULL. >>> > >>> > This was found by syzkaller both on x86 and powerpc, and the reproducer >>> > it found on powerpc is capable of hitting the issue as an unprivileged >>> > user. >>> > >>> > Fixes: 017c59c042d0 ("relay: Use per CPU constructs for the relay channel buffer pointers") >>> > Reported-by: syzbot+1e925b4b836afe85a1c6@syzkaller-ppc64.appspotmail.com >>> > Reported-by: syzbot+587b2421926808309d21@syzkaller-ppc64.appspotmail.com >>> > Reported-by: syzbot+58320b7171734bf79d26@syzkaller.appspotmail.com >>> > Reported-by: syzbot+d6074fb08bdb2e010520@syzkaller.appspotmail.com >>> > Cc: Akash Goel >>> > Cc: Andrew Donnellan # syzkaller-ppc64 >>> > Reviewed-by: Michael Ellerman >>> > Reviewed-by: Andrew Donnellan >>> > Cc: stable@vger.kernel.org # v4.10+ >>> > Signed-off-by: Daniel Axtens >>> >>> Acked-by: David Rientjes >> >> It looks this one was never applied (which relates to CVE-2019-19462, >> as pointed by Guenter in 20191223163610.GA32267@roeck-us.net). >> >> Whas this lost or are there any issues pending? > > I'm not aware of any pending issues. > > (But, if anyone does have any objections I'm happy to revise the patch.) It looks like kernel/relay.c is lacking a maintainer? Andrew are you able to pick this up for v5.8? It's pretty obviously correct, and has David's ack. Original is here if that helps: https://lore.kernel.org/lkml/20191219121256.26480-1-dja@axtens.net/ cheers