lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 3 Sep 2015 13:49:37 +0200
From:	Andrey Konovalov <andreyknvl@...gle.com>
To:	Tejun Heo <tj@...nel.org>
Cc:	Jens Axboe <axboe@...com>, Jan Kara <jack@...e.cz>,
	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	Dmitry Vyukov <dvyukov@...gle.com>,
	Alexander Potapenko <glider@...gle.com>,
	Kostya Serebryany <kcc@...gle.com>
Subject: Re: Use-after-free in page_cache_async_readahead

On Wed, Sep 2, 2015 at 9:40 PM, Tejun Heo <tj@...nel.org> wrote:
> Hello, Andrey.

Hello Tejun,

> On Wed, Sep 02, 2015 at 01:08:52PM +0200, Andrey Konovalov wrote:
>> While running KASAN on 4.2 with Trinity I got the following report:
>>
>> ==================================================================
>> BUG: KASan: use after free in page_cache_async_readahead+0x2cb/0x3f0
>> at addr ffff880034bf6690
>> Read of size 8 by task sshd/2571
>> =============================================================================
>> BUG kmalloc-16 (Tainted: G        W      ): kasan: bad access detected
>> -----------------------------------------------------------------------------
>>
>> Disabling lock debugging due to kernel taint
>> INFO: Allocated in bdi_init+0x168/0x960 age=554826 cpu=0 pid=6
>
> Can you please verify that the following patch fixes the issue?

I've hit this bug only twice during 24 hours of fuzzing, so there's no
fast way to verify this.
I'll be testing with your patch now, and I'll let you know if I hit
the bug again.

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ