Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp1276055lqb; Thu, 18 Apr 2024 05:37:41 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWT3Ody5eei1nNIQ3teVeiQtSZ2vKBDLML0IoZxXrQvds2vuXR1OF1TtlxoJ0dsau90VVyWZDgZBhtAB58jg+iTBnXTthWBbjR77oTq0Q== X-Google-Smtp-Source: AGHT+IEa9eBa9rtJ8heFoClW6qNK7Pu9oOhbswtfE+2rfhBldvp7svM9XSiZ2Tjawfo0aeHAiUQu X-Received: by 2002:a9d:6750:0:b0:6eb:83a8:daa4 with SMTP id w16-20020a9d6750000000b006eb83a8daa4mr2853393otm.3.1713443861690; Thu, 18 Apr 2024 05:37:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713443861; cv=pass; d=google.com; s=arc-20160816; b=f9M0fomSfjllndHV61oJhBBLfCwsnZG2EKVr2qSOF9oP67+kSo7HpY0eXYJhgYvYe2 X/7sXwQAnSTPPXoHnneWRCPaOGyRxQwDclonbNY2UeNGAa3EL6JZLrKZDCZyBM/jHbox /GiY5pyUVgskSnaoMXUPzmURRTNUkquPpbaqkajlT5+vsCB/uNc9Z6/tXoIiEJ1V/W+G Z4e4sEzTH7hWvQdDTo2n+RoEisr5iDvJn97rPD6tVI+3BHXdBx0Jw3/mvqXGuawilgD2 s1V6h+Gm4uqEY+AWEL/JmPX7tM1g+ozT2jvAr07XKgukKxrNfmp6rv4UvAN8fxzX1vUY 7Ejg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=ZpaAeQocFtvAqcbVfyREulJwXZphcvXbDvc6f3YNhk4=; fh=Wt9yfClQJue1P54NJaE8OdfICy3buOWNqjt2dtQL0hY=; b=j3bbovOh3DaiGd5FBURC1sFmHYoWh2lpINADj41WQ5hHNoJNb8i0kIowcJeZ0Yo0rG aV1cO/XwkeiEBaqaNFY7+AjGT5FwXWS1xcc9+ho4DIAth80s6S2jSMbkXJg8DlWZeOm+ 49XO8r4bm1rIZsEkHkgU8euH0+kuZSQ3bWbrZPvEo1PcQ9lj1NvZYnifUIzOoKrsTlRd Qbtfkj6vk5InJbwGHYSNj/TpQ+K0hJ3EWV+rbuCuVuDafUPx9u8yGLI88tLX0dYx9E+n cP1smal/jTo3GcmxECkbjxkW615XaTRoYS/r9M9FKavPDt5oig2bT8+sPK4735Dqx2vT xNDQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=CQyTwiPo; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-150068-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-150068-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id r13-20020a632b0d000000b005dc81a30771si1352547pgr.254.2024.04.18.05.37.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Apr 2024 05:37:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-150068-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=CQyTwiPo; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-150068-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-150068-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 88137B220FF for ; Thu, 18 Apr 2024 12:35:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E41841DFE8; Thu, 18 Apr 2024 12:35:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="CQyTwiPo" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EB3BA3BBFE; Thu, 18 Apr 2024 12:35:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713443701; cv=none; b=FHk75pm8LvIyFvAA9nK+zKH2ZWY+MJnQfKygmreWRVu8nuHV9BZlt6JJp32GbfkoYYkNFMBNHcpgn/TdH7APQQgVSB5d6W1t2S4mpAjvcZmvN76XvY6NpJE4AaKCRN318lXIiUNd+zp9YYPytfVaJLXSn5nN43ZJ87/VZNrSaqk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713443701; c=relaxed/simple; bh=QoJZ9cDGA2Of8vEpXDv/CLcAZv4SkKX2GQYHhqv/IbY=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=uTboaRtiKpirj8eMhvI1mMUUSbPkisKCgqrZux5MQ+LwCidrvB/p5Nn7aiGgCTqyYpFiQX/vvexRPm99nntgVuvuI7/isyeHEzTzExAv3NTNbzdz0hpgt1eILWuDJJFk69u0CWQnZHI/H7IIPvsQNPK0NAhVHmKjjh1qZ/IFaJo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=CQyTwiPo; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0EC3CC113CC; Thu, 18 Apr 2024 12:34:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1713443700; bh=QoJZ9cDGA2Of8vEpXDv/CLcAZv4SkKX2GQYHhqv/IbY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=CQyTwiPoVVC0pNAFTtI1GZv01E2u9Ol/4Cjb3RJC+O0Co/QR9Cydl/HrENH+jiyF8 pxewW0+3oBDpvtyIBzfGPd2tHdQkLNxC28zcq5P+5JEznmItWBBjuy1eX0XkQ9QXh6 eKSbPs/NnSfARu3CQeMLGot5uovNpuKX8WWiBMFQ= Date: Thu, 18 Apr 2024 14:34:57 +0200 From: "gregkh@linuxfoundation.org" To: Siddh Raman Pant Cc: "cve@kernel.org" , "linux-cve-announce@vger.kernel.org" , "linux-kernel@vger.kernel.org" Subject: Re: CVE-2024-26920: tracing/trigger: Fix to return error if failed to alloc snapshot Message-ID: <2024041805-rippling-entourage-1a72@gregkh> References: <2024041738-CVE-2024-26920-a681@gregkh> <6fa1eb4368cbaa2d0b243539f1d91692da95e117.camel@oracle.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6fa1eb4368cbaa2d0b243539f1d91692da95e117.camel@oracle.com> On Thu, Apr 18, 2024 at 11:59:41AM +0000, Siddh Raman Pant wrote: > Hi Greg, > > > In the Linux kernel, the following vulnerability has been resolved: > > > > tracing/trigger: Fix to return error if failed to alloc snapshot > > > > Fix register_snapshot_trigger() to return error code if it failed to > > allocate a snapshot instead of 0 (success). Unless that, it will register > > snapshot trigger without an error. > > This commit is problematic on 4.19.y, 5.4.y, 5.10.y, and 5.15.y, > and should be reversed, and this CVE should be rejected for those > versions. Then please submit a patch for this. But note, CVEs are not for specific versions, sorry. We give a hint as to what kernel versions might be affected, but we don not assign CVE to versions. > > The return value should be 0 on failure, because in the functions > event_trigger_callback() and event_enable_trigger_func(), we have: > > ret = cmd_ops->reg(glob, trigger_ops, trigger_data, file); > /* > * The above returns on success the # of functions enabled, > * but if it didn't find any functions it returns zero. > * Consider no functions a failure too. > */ > if (!ret) { > ret = -ENOENT; > > Thus, the commit breaks this assumption. > > This commit needs b8cc44a4d3c1 ("tracing: Remove logic for registering > multiple event triggers at a time") as a prerequisite, as it removes > the above. Should we just take that patch instead? thanks, greg k-h