Re: [PATCH 0/5] [PATCH v2] kvmtool: fix virtio 9p vulnerabilities

Hi,

On 21/11/16 10:25, G. Campana wrote:
> On 11/18/2016 06:55 PM, Will Deacon wrote:
>> On Thu, Nov 10, 2016 at 04:21:06PM +0100, G. Campana wrote:
>>> This patch series should fix different vulnerabilities found in virtio 9p
>>> (http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some
>>> testing. By the way, the very same path traversal vulnerability was also found
>>> in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1
>>> and the path traversal fix looks quite similar.
>>
>> I applied patches 1-4, but patch 5 actually breaks things for me:

You seem to have missed this sentence: Will has merged the first four
patches already; please update your repository from [1].

>>
>> [    0.659365] Freeing unused kernel memory: 1024K (ffff800000c50000 - ffff800000d50000)
>> [    0.661269] Kernel panic - not syncing: Requested init /virt/init failed (error -36).
>> [    0.662542] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.9.0-rc4-00005-gf43365ee17f8 #1
>> [    0.664009] Hardware name: linux,dummy-virt (DT)
>> [    0.664868] Call trace:
>> [    0.665332] [<ffff000008088428>] dump_backtrace+0x0/0x1a8
>> [    0.666342] [<ffff0000080885e4>] show_stack+0x14/0x20
>> [    0.667284] [<ffff000008376fac>] dump_stack+0x94/0xb8
>> [    0.668236] [<ffff000008166d64>] panic+0x114/0x27c
>> [    0.669131] [<ffff00000889bc30>] kernel_init+0xa0/0x100
>> [    0.670112] [<ffff000008082e80>] ret_from_fork+0x10/0x50
>> [    0.671118] SMP: stopping secondary CPUs
>> [    0.682308] Kernel Offset: disabled
>> [    0.682889] Memory Limit: none
>> [    0.683390] ---[ end Kernel panic - not syncing: Requested init /virt/init failed (error -36).
>>
>> I tried replacing the memset of -1 with code to skip to the next file,
>> but that didn't seem to help.
>>
>> Will
>>
> I introduced an error in patch 4 of v2: sizeof(full_path) must be
> replaced by size.
> 
> +	ret = snprintf(full_path, size, "%s/%s", dirname, name);
> +	if (ret >= (int)sizeof(full_path)) {
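Review bot: the truncation check on the second quoted line compares ret against sizeof(full_path), which (given that a separate size argument is handed to snprintf) is the size of a pointer rather than the length of the buffer, so almost every path is reported as too long; as the reply states, the condition should be `if (ret >= (int)size)` (or `(size_t)ret >= size`, which also avoids the signed/unsigned comparison) so that only genuinely truncated paths are rejected.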

Can you do a patch on top of the latest HEAD?

Cheers,
Andre.

[1] git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
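The snprintf truncation check discussed in this thread, worked through as an added example (my code, not kvmtool's): a hypothetical join_path() helper that accepts only a single path component, builds "dirname/name" into a caller-supplied buffer and checks snprintf's return value against the size the caller passed, next to a join_path_buggy() variant that carries the sizeof(pointer) mistake from the quoted patch. The function names, the -EINVAL/-ENAMETOOLONG return convention and the single-component rule are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not kvmtool's code): join `dirname` and `name` into
 * `buf`, a caller-supplied buffer of `size` bytes.
 * Returns 0 on success, -EINVAL if `name` is not a single path component
 * (so it cannot climb out of `dirname`), and -ENAMETOOLONG if the result
 * would not fit in the buffer. */
static int join_path(char *buf, size_t size, const char *dirname, const char *name)
{
	int ret;

	/* Defensive rule (assumed here): a client-supplied name must be exactly
	 * one component: non-empty, no '/', and neither "." nor "..". */
	if (name[0] == '\0' || strchr(name, '/') != NULL ||
	    strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
		return -EINVAL;

	ret = snprintf(buf, size, "%s/%s", dirname, name);
	if (ret < 0)
		return -EINVAL;

	/* Correct check: compare against the buffer length the caller gave us.
	 * snprintf returns the length the full string would have had, so a
	 * value >= size means the output was truncated. */
	if ((size_t)ret >= size)
		return -ENAMETOOLONG;

	return 0;
}

/* The same join with the defect the thread describes: `buf` is a pointer
 * parameter, so sizeof(buf) is the pointer size (8 on arm64, 4 on 32-bit),
 * not the buffer length. Any path of pointer-size characters or more is
 * rejected, including short, perfectly valid ones. */
static int join_path_buggy(char *buf, size_t size, const char *dirname, const char *name)
{
	int ret = snprintf(buf, size, "%s/%s", dirname, name);

	if (ret >= (int)sizeof(buf))
		return -ENAMETOOLONG;

	return 0;
}

int main(void)
{
	/* Constructed sample inputs; "/virt" and "init" mirror the init path
	 * from the quoted panic message. */
	char buf[64];

	printf("join_path(/virt, init)       -> %d (%s)\n",
	       join_path(buf, sizeof(buf), "/virt", "init"), buf);
	printf("join_path(/virt, ../etc)     -> %d\n",
	       join_path(buf, sizeof(buf), "/virt", "../etc"));
	printf("join_path, 8-byte buffer     -> %d\n",
	       join_path(buf, 8, "/virt", "init"));
	printf("join_path_buggy(/virt, init) -> %d\n",
	       join_path_buggy(buf, sizeof(buf), "/virt", "init"));
	return 0;
}
```

With the pointer-sized limit, even "/virt/init" comes back as -ENAMETOOLONG, which is errno 36 on Linux and matches the "error -36" init failure in the quoted panic; the corrected check only fails when the output really was cut off, and the single-component rule is what keeps a client from smuggling ".." or '/' into the joined path in the first place.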