On Wed, 2017-04-19 at 16:42 +0200, Greg Kroah-Hartman wrote:
> On Wed, Apr 19, 2017 at 03:15:02PM +0100, Ben Hutchings wrote:
> > On Wed, 2017-04-19 at 14:16 +0200, Greg Kroah-Hartman wrote:
> > > On Tue, Apr 18, 2017 at 01:49:41AM +0100, Ben Hutchings wrote:
> > > > Brad Spengler pointed out these fixes elsewhere:
> > > >
> > > > 43fab9793c1f [media] dvb-usb: don't use stack for firmware load
> > > > 67b0503db9c2 [media] dvb-usb-firmware: don't do DMA on stack
> > > > 3f190e3aec21 [media] cxusb: Use a dma capable buffer also for reading
> > > > c4baad50297d virtio-console: avoid DMA from stack
> > > >
> > > > For 4.9, the first one needs some adjustment - use the attached patch.
> > > > The rest apply cleanly.
> > > >
> > > > For 4.10, you can skip the first two as they've already been applied.
> > >
> > > Thanks for this shorter list. I'll go through the rest of the list of
> > > patches that Brad pointed out on oss-security.
> > >
> > > Oh, and you did notice he said that
> > > a4866aa81251 ("mm: Tighten x86 /dev/mem with zeroing reads")
> > > should be applied to stable kernels, right? I've queued it up for the
> > > ones I manage.
> >
> > Yes, though it's not a meaningful security fix by itself.
>
> What do you mean "by itself"? Is there something else that needs to be
> added here, or just that the patch doesn't really change all that much?
- It doesn't prevent access to low RAM through mmap() of /dev/mem, only
read() and write()
- There are many other ways for privileged users to write to RAM unless
the lockdown patch set is applied
Ben.
--
Ben Hutchings
Man invented language to satisfy his deep need to complain. - Lily
Tomlin
Attachment:
signature.asc
Description: This is a digitally signed message part