lists.openwall.net
Open Source and information security mailing list archives
 
Date:	Mon, 03 Mar 2014 20:13:00 +0100
From:	poma <pomidorabelisima@...il.com>
To:	Jan Kara <jack@...e.cz>,
	Richard Weinberger <richard.weinberger@...il.com>
CC:	Mailing-List fedora-kernel <kernel@...ts.fedoraproject.org>,
	Linux Kernel list <linux-kernel@...r.kernel.org>,
	Josh Boyer <jwboyer@...hat.com>,
	"Justin M. Forbes" <jforbes@...hat.com>,
	Stanislaw Gruszka <sgruszka@...hat.com>,
	Jiri Kosina <jkosina@...e.cz>, Dave Jones <davej@...hat.com>,
	Christoph Hellwig <hch@....de>, eparis@...isplace.org,
	Al Viro <viro@...iv.linux.org.uk>,
	Hugh Dickins <hughd@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: BUG: unable to handle kernel paging request at 0000000100000003
 - Oops: 0000 [#1] SMP

On 21.02.2014 16:48, Jan Kara wrote:
> On Fri 21-02-14 14:08:03, Richard Weinberger wrote:
>> On Fri, Feb 21, 2014 at 12:40 PM, poma <pomidorabelisima@...il.com> wrote:
>>>
>>> Affected kernels - 3.14.0-0.rc3*:
>>>
>>> - 3.14.0-0.rc3.git0.1
>>>   http://koji.fedoraproject.org/koji/buildinfo?buildID=498711
>>>
>>> - 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1
>>>
>>> - 3.14.0-0.rc3.git2.1
>>>   http://koji.fedoraproject.org/koji/buildinfo?buildID=499061
>>>
>>> - 3.14.0-0.rc3.git5.1
>>>   http://koji.fedoraproject.org/koji/buildinfo?buildID=499636
>>>
>>> Memtest86+ 4.20 - OK
>>> http://goo.gl/1nm1nV
>>>
>>> RHBZ
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1067919
>>>
>>> messages-Oops-es-3.14.0-0.rc3
>>> https://bugzilla.redhat.com/attachment.cgi?id=865926
>>
>> Maybe commits 7053aee26a3548ebaba046ae2e52396ccf56ac6c (fsnotify: do
>> not share events between notification groups)
>> and 85816794240b9659e66e4d9b0df7c6e814e5f603 (fanotify: Fix use after
>> free for permission events) introduced this regression.
>   So the immediate problem seems to be that event->tgid is 0xffffffff
> instead of a pointer. I don't see how this could be use after free and we
> unconditionally initialize event->tgid to something sensible. Hum, but if
> it is an overflow event, we are in trouble since that doesn't have ->tgid
> field at all so we read random crap that happens to be beyond the event
> structure. Actually there seem to be more problems in the handling of
> overflow event so I better add that to my testing (both for fanotify and
> inotify). I'll work on the fix. Thanks for the report!
> 
> 								Honza
> 

The test was successfully completed with the '3.14-rc5'.
Thanks guys, Jan for the patchwork!


poma
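
The failure mode Jan Kara describes in the quoted reply (an overflow event that has no ->tgid field being treated as the larger event type) is modelled below in user space, as an added example that is not code from this thread or from the kernel. The struct names, the flag value and the accessor are hypothetical simplifications.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified model; every name here is hypothetical, not a kernel definition. */
#define EV_Q_OVERFLOW 0x4000u       /* constructed flag marking the queue-overflow event */

struct base_event {                 /* header shared by every queued event */
    uint32_t mask;
};

struct fan_event {                  /* richer event that embeds the header */
    struct base_event base;
    void *tgid;                     /* exists only in this larger object */
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* The overflow event is allocated as a bare header: no tgid follows it. */
struct base_event *alloc_overflow_event(void)
{
    struct base_event *ev = calloc(1, sizeof(*ev));
    if (ev)
        ev->mask = EV_Q_OVERFLOW;
    return ev;
}

struct base_event *alloc_fan_event(uint32_t mask, void *tgid)
{
    struct fan_event *fe = calloc(1, sizeof(*fe));
    if (!fe)
        return NULL;
    fe->base.mask = mask;
    fe->tgid = tgid;
    return &fe->base;
}

/* Checked accessor: refuse the downcast for events that were never allocated
 * as fan_event. Returns 0 and sets *tgid on success, -1 otherwise. */
int event_tgid(struct base_event *ev, void **tgid)
{
    if (!ev || (ev->mask & EV_Q_OVERFLOW))
        return -1;  /* unchecked container_of(...)->tgid would read past the object */
    *tgid = container_of(ev, struct fan_event, base)->tgid;
    return 0;
}
```

Without the mask check, the read of `tgid` on the overflow event lands in whatever memory follows the small allocation, which matches the non-pointer value seen in the oops.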

