Date: Wed, 25 May 2011 10:28:17 -0500
From: Serge Hallyn
To: Robert Święcki
Cc: Eugene Teo, linux-kernel@vger.kernel.org, security@kernel.org, kees@ubuntu.com, Tavis Ormandy, David Howells
Subject: Re: [Security] Fwd: Oops (bad memory deref) in slab_alloc() due to filp_cachep holding incorrect values
Message-ID: <20110525152817.GC3507@mail.hallyn.com>
References: <20110525144400.GA26206@mail.hallyn.com>

Quoting Robert Święcki (robert@swiecki.net):
> >> Given that it doesn't seem to appear in 2.6.39-rc4, and judging by the
> >> names of functions involved, this change looks suspiciously related to
> >> this oops (even if it just made the keyctl problem visible)
> >> http://git.itanic.dy.fi/?p=linux-stable;a=commitdiff;h=47a150edc2ae734c0f4bf50aa19499e23b9a46f8
> >>
> >> >> #include
> >> >> #include
> >> >> #include
> >> >> #include
> >> >> #include
> >> >> #include
> >> >>
> >> >> int TH1(void *dummy) {
> >> >>        syscall(__NR_keyctl, KEYCTL_SESSION_TO_PARENT);
> >
> > Thanks!
> >
> > Fooi, it looks like all users of cred_alloc_blank() may need to be
> > audited wrt commit 47a150edc2ae734c0f4bf50aa19499e23b9a46f8.
> >
> > Does this fix the bug you're seeing?
>
> Yup, the kernel survives both the testcase and a short syscall fuzzing
> session. Thanks.

Thanks, Robert.

David, assuming this gets your ack, do you mind pushing this one forward?

thanks,
-serge