Re: [PATCH] tmpfs: restore missing clear_highpage

On Tue, 11 Dec 2007, Chuck Ebbert wrote:
> On 11/28/2007 01:55 PM, Hugh Dickins wrote:
> > tmpfs was misconverted to __GFP_ZERO in 2.6.11.  There's an unusual case in
> > which shmem_getpage receives the page from its caller instead of allocating.
> > We must cover this case by clear_highpage before SetPageUptodate, as before.
> > 
> > Signed-off-by: Hugh Dickins <[email protected]>
> > ---
> 
> What are the symptoms of the bug this fixes?

I've not seen it in practice, just noticed it while working on that
area in the code.  What's the polite way of describing these things
in public?  It's a vulnerability which might allow an attacker to
access data from inside the kernel which should have been zeroed -
in very limited circumstances I'd prefer not to have to devise and
announce.

It would also be wrong data, so could for example crash any program
rightly relying on uninitialized static data to be zeroed - in the
unlikely event that its data was coming via this route (in most setups
it never can do, perhaps I'd conclude that's true of all setups).  It
has escaped notice for nearly three years, so it's not a commonplace.

Further discussion offline if you like!

Hugh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
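
The case named in the patch description, as a user-space C model added here; it is not code from this thread or from the kernel. A routine that relies on zero-on-allocate hands back a caller-supplied page unchanged unless it clears that page before marking it up to date. The names model_page, model_getpage, stale_bytes and run_supplied_case are hypothetical, and the 0xA5 fill is constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MODEL_PAGE_SIZE 4096 /* hypothetical stand-in for the page size */

/* User-space stand-in for a page; uptodate models SetPageUptodate. */
struct model_page { unsigned char data[MODEL_PAGE_SIZE]; int uptodate; };

/* Path where a reader must see zeroes. A caller-supplied page is used
 * instead of allocating. clear = 0: misconverted form; 1: restored clear. */
static struct model_page *model_getpage(struct model_page *supplied, int clear)
{
    struct model_page *pg = supplied;
    if (!pg) {
        pg = calloc(1, sizeof(*pg)); /* zeroed on allocation, like __GFP_ZERO */
        if (!pg)
            return NULL;
    } else if (clear) {
        memset(pg->data, 0, sizeof(pg->data)); /* the clear_highpage step */
    }
    pg->uptodate = 1; /* contents are trusted from here on */
    return pg;
}

/* Counts the non-zero bytes a reader of the page would observe. */
static size_t stale_bytes(const struct model_page *pg)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(pg->data); i++)
        n += (pg->data[i] != 0);
    return n;
}

/* Hands in a page still holding old contents; returns what shows through. */
static size_t run_supplied_case(int clear)
{
    struct model_page *old = malloc(sizeof(*old));
    if (!old)
        return (size_t)-1;
    memset(old->data, 0xA5, sizeof(old->data)); /* constructed stale data */
    size_t n = stale_bytes(model_getpage(old, clear));
    free(old);
    return n;
}

int main(void)
{
    printf("without clear: %zu stale bytes\n", run_supplied_case(0));
    printf("with clear:    %zu stale bytes\n", run_supplied_case(1));
}
```

The allocation path is zeroed in both variants, which is why testing only that path would not show the difference.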