From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
open list <linux-kernel@vger.kernel.org>,
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>,
Jonathan Marek <jonathan@marek.ca>,
stable@vger.kernel.org,
Nicolas Dechesne <nicolas.dechesne@linaro.org>
Subject: Re: [PATCH v2] misc: fastrpc: restrict user apps from sending kernel RPC messages
Date: Mon, 1 Mar 2021 20:45:34 +0300 [thread overview]
Message-ID: <CAA8EJprTwqFWfPMjLrA2T0rJ=D3btLFHwY33VVJka1Og-9UeAQ@mail.gmail.com> (raw)
In-Reply-To: <YD0M4JyBbUrYjFMD@kroah.com>
On Mon, 1 Mar 2021 at 18:48, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Mon, Mar 01, 2021 at 06:34:10PM +0300, Dmitry Baryshkov wrote:
> > On Sat, 13 Feb 2021 at 11:25, Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Fri, Feb 12, 2021 at 10:26:58PM +0300, Dmitry Baryshkov wrote:
> > > > Verify that user applications are not using the kernel RPC message
> > > > handle to restrict them from directly attaching to guest OS on the
> > > > remote subsystem. This is a port of CVE-2019-2308 fix.
> > >
> > > A port of the fix of what to what?
> >
> > I'm sorry for the confusion. It is a port of the original
> > Qualcomm/CodeAurora fix to the upstream driver.
> >
> > See https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=cc2e11eeb988964af72309f71b0fb21c11ed6ca9,
>
> So this is a fix from 2019 that you never submitted upstream causing all
> of these kernels to be vulnerable?
It seems there is some kind of confusion here.
Srinivas and Thierry have developed the fastrpc driver. It is not the
same as the driver developed by Qualcomm. However in this case it
suffers from the same problem as the original adsprpc driver..
We have submitted the fix as soon as we've noticed the issue.
> Shouldn't the porting process go the other way, upstream first and then
> backport? That ensures we don't end up with 2 years old bugs like this
> :(
>
> Ugh.
>
> What's going to change in the development process of this code to
> prevent this from happening again?
--
With best wishes
Dmitry
next prev parent reply other threads:[~2021-03-01 17:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-12 19:26 [PATCH v2] misc: fastrpc: restrict user apps from sending kernel RPC messages Dmitry Baryshkov
2021-02-13 8:25 ` Greg Kroah-Hartman
2021-03-01 15:34 ` Dmitry Baryshkov
2021-03-01 15:48 ` Greg Kroah-Hartman
2021-03-01 17:45 ` Dmitry Baryshkov [this message]
2021-03-01 18:50 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAA8EJprTwqFWfPMjLrA2T0rJ=D3btLFHwY33VVJka1Og-9UeAQ@mail.gmail.com' \
--to=dmitry.baryshkov@linaro.org \
--cc=arnd@arndb.de \
--cc=bjorn.andersson@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=jonathan@marek.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolas.dechesne@linaro.org \
--cc=srinivas.kandagatla@linaro.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).