oss-sec mailing list archives
Re: Linux kernel futex local privilege escalation (CVE-2014-3153)
From: rf () q-leap de
Date: Fri, 6 Jun 2014 16:24:23 +0200
"Greg" == Greg KH <greg () kroah com> writes:
Greg> On Fri, Jun 06, 2014 at 11:11:42AM +0200, rf () q-leap de wrote: >> >>>>> "Thomas" == Thomas Gleixner <tglx () linutronix de> writes: >> >> Hi Thomas, >> >> >> On Thu, Jun 05, 2014 at 11:38:27PM -0400, Rich Felker wrote: >> >> > On Thu, Jun 05, 2014 at 06:45:45PM +0400, Solar Designer >> >> > wrote: >> >> > > I've attached patches by Thomas Gleixner (four e-mails, in >> >> > > mbox format), as well as back-ports of those by John >> >> > > Johansen of Canonical, who wrote: >> >> > >> >> > Maybe I'm missing something, but I can't find any statement >> >> > of what version these patches are intended to apply cleanly >> >> > to. They don't apply to latest stable. >> >> >> >> Thomas - can you answer Rich's question? This is about >> >> patches you sent on June 3 to linux-distros, which Kees then >> >> saved into an mbox file. >> Thomas> They should apply cleanly, if all stable tagged futex Thomas> patches before that are applied. >> >> could you please clarify whether >> >> f0d71b3dcb8332f7971b5f2363632573e6d9486a futex: Prevent attaching >> to kernel threads 866293ee54227584ffcb4a42f69c1f365974ba7f futex: >> Add another early deadlock detection check Greg> As people keep asking me this, I'll respond with, "why Greg> wouldn't you apply them"? Greg> They are going to be in the next kernel stable releases, along Greg> with the other 4 patches, so I recommend them for your custom Greg> kernels as well. Thanks for the reply. I did read your earlier message. To answer your question: I only apply patches that are absolutely necessary to fix a known problem. Want to make sure the changed stuff doesn't lead to a regression somewhere else. Futex stuff is a central component in the kernel ... I can't judge about any possible side effects from reading the code ... and this kernel is going on a number of production clusters. Anyway, I've applied all the (2+4) patches to our 3.12. "futex: Make lookup_pi_state more robust" needed slight adjustment, but nothing serious. I'll go and test now. If someone wants the patch set, let me know. Then I can post it to the list. Roland ------- http://www.q-leap.com / http://qlustar.com --- HPC / Storage / Cloud Linux Cluster OS ---
Current thread:
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153), (continued)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Kees Cook (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Phil Turnbull (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) John Johansen (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 07)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) mancha (Jun 07)