Message ID | 20110218211814.7CD4AF89F8@sepang.rtg.net |
---|---|
State | Accepted |
Implementation looks correct, only thing I would probably change is to take the reference and description of the first patch and add a comment about the fixup in the body...

On 02/18/2011 10:18 PM, Tim Gardner wrote: > The following changes since commit 0b2f210442dd2ca2c184c1451f5d41fa37e7c60b: > Brad Figg (1): > UBUNTU: Ubuntu-2.6.24-28.86 > > are available in the git repository at: > > git://kernel.ubuntu.com/rtg/ubuntu-hardy.git CVE-2010-4163 > > Tim Gardner (1): > block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 > > fs/bio.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > From aabab832c692067d4558aa577222ee408be06df0 Mon Sep 17 00:00:00 2001 > From: Tim Gardner <tim.gardner@canonical.com> > Date: Fri, 18 Feb 2011 14:15:10 -0700 > Subject: [PATCH] block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 > > BugLink: http://bugs.launchpad.net/bugs/721504 > > CVE-2010-4163 > > commit 9284bcf checks for proper length of iov entries in > blk_rq_map_user_iov(). But if the map is unaligned, kernel > will break out the loop without checking for the proper length. > So we need to check the proper length before the unalign check. > > Signed-off-by: Xiaotian Feng <dfeng@redhat.com> > Cc: stable@kernel.org > Signed-off-by: Jens Axboe <jaxboe@fusionio.com> > (backported from commit 5478755616ae2ef1ce144dded589b62b2a50d575) > > Signed-off-by: Tim Gardner <tim.gardner@canonical.com> > --- > fs/bio.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/fs/bio.c b/fs/bio.c > index d59ddbf..461ca55 100644 > --- a/fs/bio.c > +++ b/fs/bio.c 
> @@ -609,6 +609,9 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, > unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT; > unsigned long start = uaddr >> PAGE_SHIFT; > > + if (!len) > + return ERR_PTR(-EINVAL); > + > nr_pages += end - start; > /* > * buffer must be aligned to at least hardsector size for now
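Review bot: the added `if (!len)` test in __bio_map_user_iov() rejects only a zero-length entry, while `end` is computed just above it from `uaddr + len + PAGE_SIZE - 1` and nothing in the visible context guards against that sum wrapping; consider rejecting `end < start` at the same point, or note in the commit message where that case is handled. The subject and description name blk_rq_map_user_iov() while the hunk changes __bio_map_user_iov() in fs/bio.c, so the "backported from" line should say how this backport differs from the upstream commit. Because the new check returns ERR_PTR(-EINVAL) directly, it is also worth confirming that nothing has been allocated before this point that would need unwinding.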
On 02/18/2011 01:18 PM, Tim Gardner wrote: > The following changes since commit 0b2f210442dd2ca2c184c1451f5d41fa37e7c60b: > Brad Figg (1): > UBUNTU: Ubuntu-2.6.24-28.86 > > are available in the git repository at: > > git://kernel.ubuntu.com/rtg/ubuntu-hardy.git CVE-2010-4163 > > Tim Gardner (1): > block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 > > fs/bio.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > From aabab832c692067d4558aa577222ee408be06df0 Mon Sep 17 00:00:00 2001 > From: Tim Gardner<tim.gardner@canonical.com> > Date: Fri, 18 Feb 2011 14:15:10 -0700 > Subject: [PATCH] block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 > > BugLink: http://bugs.launchpad.net/bugs/721504 > > CVE-2010-4163 > > commit 9284bcf checks for proper length of iov entries in > blk_rq_map_user_iov(). But if the map is unaligned, kernel > will break out the loop without checking for the proper length. > So we need to check the proper length before the unalign check. > > Signed-off-by: Xiaotian Feng<dfeng@redhat.com> > Cc: stable@kernel.org > Signed-off-by: Jens Axboe<jaxboe@fusionio.com> > (backported from commit 5478755616ae2ef1ce144dded589b62b2a50d575) > > Signed-off-by: Tim Gardner<tim.gardner@canonical.com> > --- > fs/bio.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/fs/bio.c b/fs/bio.c > index d59ddbf..461ca55 100644 > --- a/fs/bio.c > +++ b/fs/bio.c > @@ -609,6 +609,9 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, > unsigned long end = (uaddr + len + PAGE_SIZE - 1)>> PAGE_SHIFT; > unsigned long start = uaddr>> PAGE_SHIFT; > > + if (!len) > + return ERR_PTR(-EINVAL); > + > nr_pages += end - start; > /* > * buffer must be aligned to at least hardsector size for now Acked-by: Brad Figg <brad.figg@canonical.com>
applied