On 12/13/2016, 06:09 PM, Linus Torvalds wrote:
> On Tue, Dec 13, 2016 at 9:05 AM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>>
>> I really doubt it - there might be something subtle I'd missed, but AFAICS
>> it is vulnerable to the scenario above.
>
> Hmm. So maybe just add
>
>     if (segment_eq(get_fs(), KERNEL_DS))
>         return -EINVAL;
>
> to blk_rq_map_user_iov()?

BTW, is this a fix (or related):
https://patchwork.kernel.org/patch/9467743/
?

This seems to land into SUSE repositories as a fix for the CVE if I am looking correctly.

thanks,
--
js
suse labs