From: Siddh Raman Pant <code@siddh.me>
To: "Dipanjan Das" <mail.dipanjan.das@gmail.com>
Cc: "David Howells" <dhowells@redhat.com>,
	"Greg KH" <gregkh@linuxfoundation.org>,
	"Christophe JAILLET" <christophe.jaillet@wanadoo.fr>,
	"Eric Dumazet" <edumazet@google.com>,
	"Fabio M. De Francesco" <fmdefrancesco@gmail.com>,
	"linux-security-modules" <linux-security-module@vger.kernel.org>,
	"linux-kernel-mentees" 
	<linux-kernel-mentees@lists.linuxfoundation.org>,
	"linux-kernel" <linux-kernel@vger.kernel.org>,
	"syzbot+c70d87ac1d001f29a058" 
	<syzbot+c70d87ac1d001f29a058@syzkaller.appspotmail.com>,
	"Marius Fleischer" <fleischermarius@googlemail.com>,
	"Priyanka Bose" <its.priyanka.bose@gmail.com>
Subject: Re: [PATCH] kernel/watch_queue: Make pipe NULL while clearing watch_queue
Date: Mon, 01 Aug 2022 00:16:43 +0530	[thread overview]
Message-ID: <1825594fdb6.52eb2a02235647.5426665702277259900@siddh.me> (raw)
In-Reply-To: <20220731181131.GB3569921@berlinger>

On Sun, 31 Jul 2022 23:41:31 +0530  Dipanjan Das <mail.dipanjan.das@gmail.com> wrote:
> On Wed, Jul 27, 2022 at 09:50:52PM +0530, Siddh Raman Pant wrote:
> > Thank you for explaining it!
> > 
> > I will send a v3. Should I add a Suggested-by tag mentioning you?
> 
> Sorry for jumping in.
> 
> We have reported the same bug in kernel v5.10.131 [https://lore.kernel.org/all/CANX2M5bHye2ZEEhEV6PUj1kYL2KdWYeJtgXw8KZRzwrNpLYz+A@mail.gmail.com]. We have been suggested to join this discussion so that we can have appropriate meta-information injected in this patch’s commit message to make sure that it gets backported to v5.10.y.  Therefore, we would like to be in the loop so that we can offer help in the process, if needed.
> 

As you are suggesting backporting, I should CC the stable list, or mail
after it gets merged. You have reproduced it on v5.10, but the change seems to
be introduced by c73be61cede5 ("pipe: Add general notification queue support"),
which got in at v5.8. So should it be backported till v5.8 instead?

I actually looked this up on the internet / lore now for any other reports, and
it seems this fixes a CVE (CVE-2022-1882).

The reporter of the CVE seems to have linked his patch as a part of the CVE report, of
which he sent v2, but he seems to do it in a roundabout way, and also in a way
similar to what Hillf Danton had replied to my v2 patch, wherein he missed
353f7988dd84 ("watchqueue: make sure to serialize 'wqueue->defunct' properly"),
so I guess I can propose my patch as a fix for the CVE.

Note: I have already sent the v3, so please suggest any new improvements etc.
(except replying to the conversation here) to the v3, which can be found here:
https://lore.kernel.org/linux-kernel/20220728155121.12145-1-code@siddh.me/

Also, you may want to break text into multiple lines instead of one huge line.

Thanks,
Siddh
