From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752489AbbCZKWr (ORCPT <rfc822;w@1wt.eu>);
	Thu, 26 Mar 2015 06:22:47 -0400
Received: from h1446028.stratoserver.net ([85.214.92.142]:41344 "EHLO
	mail.ahsoftware.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751498AbbCZKWp (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 26 Mar 2015 06:22:45 -0400
Message-ID: <5513DDEF.1000409@ahsoftware.de>
Date: Thu, 26 Mar 2015 11:22:39 +0100
From: Alexander Holler <holler@ahsoftware.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CC: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
        Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH 3.19 091/123] gadgetfs: use-after-free in ->aio_read()
References: <20150324154423.655554012@linuxfoundation.org> <20150324154428.117696639@linuxfoundation.org> <55119F29.5030308@ahsoftware.de> <20150324175850.GA7215@kroah.com> <5511A7C0.2000807@ahsoftware.de> <20150325083353.GC28204@kroah.com> <55127E8F.6010007@ahsoftware.de> <20150325101507.GA20259@kroah.com> <551294E6.5020609@ahsoftware.de> <20150325110825.GA23629@kroah.com> <551298C5.3070200@ahsoftware.de>
In-Reply-To: <551298C5.3070200@ahsoftware.de>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Am 25.03.2015 um 12:15 schrieb Alexander Holler:
> Am 25.03.2015 um 12:08 schrieb Greg Kroah-Hartman:
>> On Wed, Mar 25, 2015 at 11:58:46AM +0100, Alexander Holler wrote:
>>>> As this has been broken since 3.16, and no one has taken the time to
>>>> fix
>>>> it since then, it's not really an issue here, people can just use
>>>> 4.0 if
>>>> they want it.

Just a last comment: I've no idea if the bug might be exploitable. I 
haven't had a deeper look at what it fixes but in regard to memory 
problems I would prefer a careful solution. So even without fixing the 
problem of an undefined return code in case of an oom (and the imho more 
problematic ugly output of a (with gcc 4.9 colored) warning when 
compiling the kernel, it might be better to apply the patch.

Regards,

Alexander Holler