Re: [PATCH 2/2] aio: fix kernel memory disclosure in io_getevents() introduced in v3.10

2014-06-24 Thread Jeff Moyer
Benjamin LaHaise writes:
> On Tue, Jun 24, 2014 at 02:23:20PM -0400, Jeff Moyer wrote:
>> Benjamin LaHaise writes:
>>
>> > A kernel memory disclosure was introduced in aio_read_events_ring() in v3.10
>> > by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes made to
>> > aio_re

Re: [PATCH 2/2] aio: fix kernel memory disclosure in io_getevents() introduced in v3.10

2014-06-24 Thread Benjamin LaHaise
On Tue, Jun 24, 2014 at 02:23:20PM -0400, Jeff Moyer wrote:
> Benjamin LaHaise writes:
>
> > A kernel memory disclosure was introduced in aio_read_events_ring() in v3.10
> > by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes made to
> > aio_read_events_ring() failed to correctly lim

Re: [PATCH 2/2] aio: fix kernel memory disclosure in io_getevents() introduced in v3.10

2014-06-24 Thread Jeff Moyer
Benjamin LaHaise writes:
> A kernel memory disclosure was introduced in aio_read_events_ring() in v3.10
> by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes made to
> aio_read_events_ring() failed to correctly limit the index into
> ctx->ring_pages[], allowing an attacker to cause t

[PATCH 2/2] aio: fix kernel memory disclosure in io_getevents() introduced in v3.10

2014-06-24 Thread Benjamin LaHaise
A kernel memory disclosure was introduced in aio_read_events_ring() in v3.10 by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes made to aio_read_events_ring() failed to correctly limit the index into ctx->ring_pages[], allowing an attacker to cause the subsequent kmap() of an arbitrar