Re: [PATCH v3] sg: mitigate read/write abuse

From: Martin K. Petersen
Date: Tue Jun 26 2018 - 13:12:48 EST

Next message: Paul E. McKenney: "[PATCH tip/core/rcu 17/22] rcutorture: Change units of onoff_interval to jiffies"
Previous message: Paul E. McKenney: "[PATCH tip/core/rcu 20/22] rcu: Add CPU online/offline state to dump_blkd_tasks()"
In reply to: Douglas Gilbert: "Re: [PATCH v3] sg: mitigate read/write abuse"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jann,

> As Al Viro noted in commit 128394eff343 ("sg_write()/bsg_write() is
> not fit to be called under KERNEL_DS"), sg improperly accesses
> userspace memory outside the provided buffer, permitting kernel memory
> corruption via splice(). But it doesn't just do it on ->write(), also
> on ->read().
>
> As a band-aid, make sure that the ->read() and ->write() handlers can
> not be called in weird contexts (kernel context or credentials
> different from file opener), like for ib_safe_file_access().

Applied to 4.18/scsi-fixes with the naming fix pointed out by Doug.

Thanks!

--
Martin K. Petersen Oracle Linux Engineering

Next message: Paul E. McKenney: "[PATCH tip/core/rcu 17/22] rcutorture: Change units of onoff_interval to jiffies"
Previous message: Paul E. McKenney: "[PATCH tip/core/rcu 20/22] rcu: Add CPU online/offline state to dump_blkd_tasks()"
In reply to: Douglas Gilbert: "Re: [PATCH v3] sg: mitigate read/write abuse"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]