Re: linux-3.16.2 queue (3.16.1+)

From: Greg KH
Date: Fri Sep 12 2014 - 17:29:27 EST


On Thu, Sep 11, 2014 at 12:29:30AM -0400, Jeff Mahoney wrote:
> On 9/6/14, 11:18 PM, Greg KH wrote:
> > On Sun, Sep 07, 2014 at 02:47:55AM +0200, Matt wrote:
> >> On Thu, Aug 28, 2014 at 9:18 PM, Matt <jackdachef@xxxxxxxxx>
> >> wrote:
> >>> On Thu, Aug 28, 2014 at 5:32 PM, Greg KH
> >>> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >>>> On Thu, Aug 28, 2014 at 05:27:27PM +0200, Matt wrote:
> >>>>> On Thu, Aug 28, 2014 at 5:22 PM, Greg KH
> >>>>> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >>>>>> On Thu, Aug 28, 2014 at 05:16:58PM +0200, Matt wrote:
> >>>>>>> Hi Greg,
> >>>>>>>
> >>>>>>>
> >>>>>>> please consider adding the following 2 patches to
> >>>>>>> 3.16.2:
> >>>>>>>
> >>>>>>> Jan Kara (1): reiserfs: Fix use after free in journal
> >>>>>>> teardown
> >>>>>>>
> >>>>>>> Jeff Mahoney (1): reiserfs: fix corruption introduced
> >>>>>>> by balance_leaf refactor
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> Reason/Related:
> >>>>>>>
> >>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=83121
> >>>>>>>
> >>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=83321
> >>>>>>>
> >>>>>>> http://forums.gentoo.org/viewtopic-t-998538-postdays-0-postorder-asc-start-0.html
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> Many thanks in advance
> >>>>>>
> >>>>>> I need git commit ids of these patches in Linus's tree,
> >>>>>> can you provide those please?
> >>>>>>
> >>>>>> thanks,
> >>>>>>
> >>>>>> greg k-h
> >>>>>
> >>>>>
> >>>>> Sure:
> >>>>>
> >>>>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d
> >>>>>
> >>>>> reiserfs: fix corruption introduced by balance_leaf refactor
> >>>>>
> >>>>>
> >>>>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01777836c87081e4f68c4a43c9abe6114805f91e
> >>>>>
> >>>>> reiserfs: Fix use after free in journal teardown
> >>>>>
> >>>>>
> >>>>>
> >>>>> are checkpatch warnings usually also fixed within stable
> >>>>> releases ?
> >>>>
> >>>> No, not at all, please read
> >>>> Documentation/stable_kernel_patches.txt for what is
> >>>> acceptable for stable kernel patches.
> >>>>
> >>>> thanks,
> >>>>
> >>>> greg k-h
> >>>
> >>>
> >>> okay, will do
> >>>
> >>> thanks for pointing that out
> >>>
> >>>
> >>> Regards
> >>>
> >>> Matt
> >>
> >> Hi Greg,
> >>
> >> could you please add the above mentioned two patches
> >>
> >> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d
> >>
> >> reiserfs: fix corruption introduced by balance_leaf refactor
> >>
> >>
> >> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01777836c87081e4f68c4a43c9abe6114805f91e
> >>
> >> reiserfs: Fix use after free in journal teardown
> >>
> >> in next stable (3.16.3) kernel ?
> >>
> >> more and more people seem to be affected by the data corruption
> >> introduced by the recent changes.
> >>
> >>
> >> Reading through Documentation/stable_kernel_rules.txt,
> >> http://cwe.mitre.org/data/definitions/416.html and
> >> http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/use_after_free.html
> >>
> >>
> >> both patches seem relevant enough (concerning data integrity
> >> filesystem-wise and security) to be included for the stable
> >> branch
> >
> > I'll queue this up when I get a chance, there are over 300 patches
> > pending for the stable kernels right now :(
> >
> > Also, in the future, always cc stable@xxxxxxxxxxxxxxx for any
> > stable requests so that they don't get lost.
>
> Hi Greg -
>
> 27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d
> Author: Jeff Mahoney <jeffm@xxxxxxxx>
> Date: Mon Aug 4 19:51:47 2014 -0400
>
> reiserfs: fix corruption introduced by balance_leaf refactor
>
> Commits f1f007c308e (reiserfs: balance_leaf refactor, pull out
> balance_leaf_insert_left) and cf22df182bf (reiserfs: balance_leaf
> refactor, pull out balance_leaf_paste_left) missed that the `body'
> pointer was getting repositioned. Subsequent users of the pointer
> would expect it to be repositioned, and as a result, parts of the
> tree would get overwritten. The most common observed corruption
> is indirect block pointers being overwritten.
>
> Since the body value isn't actually used anymore in the called
> routines, we can pass back the offset it should be shifted. We
> constify the body and ih pointers in the balance_leaf as a
> mostly-free preventative measure.
>
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.16
> Reported-and-tested-by: Jeff Chua <jeff.chua.linux@xxxxxxxxx>
> Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxx>
> Signed-off-by: Jan Kara <jack@xxxxxxx>
>
> Should there have been more? I thought it was enough to add the Cc
> tag. This one has been in the tree, with the tags and with
> "corruption" in the Subject since 13 Aug. I know you're busy but this
> seems like a pretty obvious candidate for stable inclusion.

You marked this one just fine, it's just that, again, I have over 300+
patches in the "marked for stable" queue right now, this patch is in
good company...

greg k-h
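
An added example, not part of this thread and not reiserfs code: a constructed C illustration of the bug class described in the quoted commit message for 27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d, where a helper pulled out by a refactor advances only its own copy of `body`, next to the fixed shape that passes the shift back to the caller. The struct, function names and sample bytes are all hypothetical.

```c
/* Constructed illustration of the bug class; names are hypothetical, not reiserfs code. */
#include <stdio.h>
#include <string.h>
struct node { char data[16]; size_t len; };

static void node_append(struct node *n, const char *src, size_t len)
{
    memcpy(n->data + n->len, src, len);
    n->len += len;
    n->data[n->len] = '\0';
}

/* Buggy refactor: body is a by-value copy, so the repositioning is lost. */
static void insert_left_buggy(struct node *left, const char *body, size_t n)
{
    node_append(left, body, n);
    body += n;                  /* only moves the helper's local copy */
    (void)body;
}

/* Fixed shape: body is const in the helper and the shift is passed back. */
static size_t insert_left_fixed(struct node *left, const char *const body, size_t n)
{
    node_append(left, body, n);
    return n;                   /* caller repositions its own pointer */
}

/* Split len bytes: the first n_left go to left, the rest to cur. */
static void balance_buggy(struct node *left, struct node *cur,
                          const char *body, size_t len, size_t n_left)
{
    insert_left_buggy(left, body, n_left);
    node_append(cur, body, len - n_left);   /* stale pointer: wrong bytes */
}

static void balance_fixed(struct node *left, struct node *cur,
                          const char *body, size_t len, size_t n_left)
{
    body += insert_left_fixed(left, body, n_left);
    node_append(cur, body, len - n_left);   /* repositioned: remaining bytes */
}

int main(void)
{
    struct node l1 = {{0}, 0}, c1 = {{0}, 0}, l2 = {{0}, 0}, c2 = {{0}, 0};
    balance_buggy(&l1, &c1, "ABCDEFGH", 8, 4);
    balance_fixed(&l2, &c2, "ABCDEFGH", 8, 4);
    printf("buggy cur=%s fixed cur=%s\n", c1.data, c2.data);
    return 0;
}
```

In the buggy variant the second node silently receives the first half of the payload again, which is how a caller that expects a repositioned pointer ends up writing the wrong data into the tree.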