Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3575577pxb; Sun, 7 Feb 2021 14:47:13 -0800 (PST) X-Google-Smtp-Source: ABdhPJy5hAIcEGhTMjRPgAOjF9qJTM/sY09zPtVCa+AwkOWDIS3xBuM5C1D6puy2yeDK4iAUD32z X-Received: by 2002:a17:906:5495:: with SMTP id r21mr14386244ejo.59.1612738032870; Sun, 07 Feb 2021 14:47:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612738032; cv=none; d=google.com; s=arc-20160816; b=uzxipoUqIho0fzIYYY1rjXWqXWSf2N0Nvl9NHrMEEvgb7S/LMJESgigHU0F0zs7RDJ m5W2m7MsOsyo3dytKmmkgB9ypvPyXvhsSmo3aedcvJBCz6lHv2D7OXUAgOMqXITKytL0 kXk/AYLqhri7KuJ/KTWRkm+Wvx8pGJDmstopkMHED3bQNVgfFBbBAujyv/djQim6Nym4 TTaG7CIHj/vyTp5nwtdFmZf0Ws+Wldmt0po3eUGG9IzDsC1kx0z2QIWnTSfEyakYKS3P jbSszZ6CZ+YOTEN0AX5KwTZ/U/gXcDQhZhgUmKQl6eBcALvb3Nipz7Tgobke4p9AvK78 QNbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:references:in-reply-to :subject:cc:date:to:from; bh=EjJ/23mgMzj2Lts9ohbOVTb9JzPfaPSdtaYP9VnbUn8=; b=zqVSZeTwnsTBAep66PmsedqJQCnCOQsvYzQNjNxs03jQRDK8lrZL0dfex9YFvKUvPJ 5pCDykrOo6jNXFKJYln2Bhuas3qyeMptVqyX9IIltCrehBtexkYE/46lZZ3PMbnT4+6G sd5Q2/TKHSgjmE3Jij+Jj14yQmAB1knQIUHDBlIbVKqrQVe3qzMTqT7T0QokF0jOKx2K iPyOa4qUysTNMa95GBd/v7bT6kXqMXZEjLFiK9XoPHa3VspdH91sTj8zRH8N3aQa80fC sZJ73Pdz+SKOxbITi0ULAike9X05jM+qbpvGJ9jOVSg/HmTsj7jrd1cA5GlcHvIjo3fB r7Kg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z2si9964369eja.539.2021.02.07.14.46.47; Sun, 07 Feb 2021 14:47:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229601AbhBGWqC (ORCPT + 99 others); Sun, 7 Feb 2021 17:46:02 -0500 Received: from mx2.suse.de ([195.135.220.15]:51000 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229506AbhBGWqB (ORCPT ); Sun, 7 Feb 2021 17:46:01 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 229C2AD24; Sun, 7 Feb 2021 22:45:20 +0000 (UTC) From: NeilBrown To: Andrew Morton Date: Mon, 08 Feb 2021 09:45:09 +1100 Cc: Alexander Viro , Jonathan Corbet , Xin Long , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, Ingo Molnar , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Vlad Yasevich , Neil Horman , Marcelo Ricardo Leitner , "David S. Miller" , linux-sctp@vger.kernel.org, netdev@vger.kernel.org Subject: Re: [PATCH 0/3] Fix some seq_file users that were recently broken In-Reply-To: <20210205143550.58d3530918459eafa918ad0c@linux-foundation.org> References: <161248518659.21478.2484341937387294998.stgit@noble1> <20210205143550.58d3530918459eafa918ad0c@linux-foundation.org> Message-ID: <87ft27ebuy.fsf@notabene.neil.brown.name> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, Feb 05 2021, Andrew Morton wrote: > On Fri, 05 Feb 2021 11:36:30 +1100 NeilBrown wrote: > >> A recent change to seq_file broke some users which were using seq_file >> in a non-"standard" way ... though the "standard" isn't documented, so >> they can be excused. The result is a possible leak - of memory in one >> case, of references to a 'transport' in the other. >>=20 >> These three patches: >> 1/ document and explain the problem >> 2/ fix the problem user in x86 >> 3/ fix the problem user in net/sctp >>=20 > > 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and > interface") was August 2018, so I don't think "recent" applies here? I must be getting old :-( > > I didn't look closely, but it appears that the sctp procfs file is > world-readable. So we gave unprivileged userspace the ability to leak > kernel memory? Not quite that bad. The x86 problem allows arbitrary memory to be leaked, but that is in debugfs (as I'm sure you saw) so is root-only. The sctp one only allows an sctp_transport to be pinned. That is not good and would, e.g., prevent the module from being unloaded. But unlike a simple memory leak it won't affect anything outside of sctp. > > So I'm thinking that we aim for 5.12-rc1 on all three patches with a cc:s= table? Thanks for looking after these! NeilBrown --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJCBAEBCAAsFiEEG8Yp69OQ2HB7X0l6Oeye3VZigbkFAmAgbXYOHG5laWxiQHN1 c2UuZGUACgkQOeye3VZigbmRIw/+L3opkKLyG2Hn5LtKCl8TV5atFOVnkNdg4u1/ N7vs18opY/vMHwel8DJX3FKF1nZeiZVan1cUox774eoWmFjni/IGrVU9HjVowJhc zHqv17t60IuxAWl4YAYu1SEryAgLMtX6OlqJVrjQ1WRpMEqWN14SgJ2qbuQQW3Fp zuCEaR5/MMmWfHtVxthrlmqrPO4DdULJWd54S+OR9AdBTJ5iTP6GqbiT6E5500am DMlL9oaymdwILGK339a97BDkvo/GcXiU4I9Netwsn+dhE+iM0A6nfdpR2S+UkbLE fqIC4ICia5Cdd04cuMQxqjDqKqgWoj6q+j5BisfXu+VryUWPp+IKLJnljJ3HKOo1 8HZ4M4ldc2c2fo0BZy8qLgld2Ky9yWfkWvFxD91fdLoW862hb4QSORaqeuOHCCxy TFEgOfgEXRS0y1YP1ue1TkvBCMlFlRQ/y4b0b7PKLcZmbQ8gZP/ZLtMcPVxS+uiW WtqvP8ED9uSbmDgZKWrkId0XN2qd/N2VeDqqaHLEm3AYBYKe6sjNRq/P2XhaJgvg fwgFf5HWbWRwpgdLtSpFdwobSZJoSfoqWPGfHw9qnldXXbLSuDrEHIFRywNCHODl SpL40dXvgMrkDtHYK7C9V7xPMCj9Ja0dnSR2KJQOJnWXw4NnHUXbVAf7VP+5MqpD WJxmMU8= =Gd5p -----END PGP SIGNATURE----- --=-=-=--