From: NeilBrown <neilb@suse.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Jonathan Corbet <corbet@lwn.net>, Xin Long <lucien.xin@gmail.com>,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Vlad Yasevich <vyasevich@gmail.com>,
Neil Horman <nhorman@tuxdriver.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
linux-sctp@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH 0/3] Fix some seq_file users that were recently broken
Date: Mon, 08 Feb 2021 09:45:09 +1100 [thread overview]
Message-ID: <87ft27ebuy.fsf@notabene.neil.brown.name> (raw)
In-Reply-To: <20210205143550.58d3530918459eafa918ad0c@linux-foundation.org>
[-- Attachment #1: Type: text/plain, Size: 1381 bytes --]
On Fri, Feb 05 2021, Andrew Morton wrote:
> On Fri, 05 Feb 2021 11:36:30 +1100 NeilBrown <neilb@suse.de> wrote:
>
>> A recent change to seq_file broke some users which were using seq_file
>> in a non-"standard" way ... though the "standard" isn't documented, so
>> they can be excused. The result is a possible leak - of memory in one
>> case, of references to a 'transport' in the other.
>>
>> These three patches:
>> 1/ document and explain the problem
>> 2/ fix the problem user in x86
>> 3/ fix the problem user in net/sctp
>>
>
> 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and
> interface") was August 2018, so I don't think "recent" applies here?
I must be getting old :-(
>
> I didn't look closely, but it appears that the sctp procfs file is
> world-readable. So we gave unprivileged userspace the ability to leak
> kernel memory?
Not quite that bad. The x86 problem allows arbitrary memory to be
leaked, but that is in debugfs (as I'm sure you saw) so is root-only.
The sctp one only allows an sctp_transport to be pinned. That is not
good and would, e.g., prevent the module from being unloaded. But
unlike a simple memory leak it won't affect anything outside of sctp.
>
> So I'm thinking that we aim for 5.12-rc1 on all three patches with a cc:stable?
Thanks for looking after these!
NeilBrown
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 853 bytes --]
prev parent reply other threads:[~2021-02-07 22:46 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-05 0:36 [PATCH 0/3] Fix some seq_file users that were recently broken NeilBrown
2021-02-05 0:36 ` [PATCH 1/3] seq_file: document how per-entry resources are managed NeilBrown
2021-02-05 2:20 ` Matthew Wilcox
2021-02-05 22:35 ` [PATCH 0/3] Fix some seq_file users that were recently broken Andrew Morton
2021-02-06 22:29 ` Jakub Kicinski
2021-02-07 21:11 ` Andrew Morton
2021-02-08 19:42 ` Jakub Kicinski
2021-02-07 22:45 ` NeilBrown [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ft27ebuy.fsf@notabene.neil.brown.name \
--to=neilb@suse.de \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=lucien.xin@gmail.com \
--cc=luto@kernel.org \
--cc=marcelo.leitner@gmail.com \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=peterz@infradead.org \
--cc=viro@zeniv.linux.org.uk \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).