| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Dec 2017 13:44:31 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: akpm@...ux-foundation.org, aryabinin@...tuozzo.com
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
kasan-dev@...glegroups.com, Dmitry Vyukov <dvyukov@...gle.com>
Subject: [PATCH 0/5] kasan: detect invalid frees
KASAN detects double-frees, but does not detect invalid-frees
(when a pointer into a middle of heap object is passed to free).
We recently had a very unpleasant case in crypto code which freed
an inner object inside of a heap allocation. This left unnoticed
during free, but totally corrupted heap and later lead to a bunch
of random crashes all over kernel code.
Detect invalid frees.
Dmitry Vyukov (5):
kasan: detect invalid frees for large objects
kasan: don't use __builtin_return_address(1)
kasan: detect invalid frees for large mempool objects
kasan: unify code between kasan_slab_free() and kasan_poison_kfree()
kasan: detect invalid frees
include/linux/kasan.h | 13 ++++----
lib/test_kasan.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++
mm/kasan/kasan.c | 57 +++++++++++++++++++----------------
mm/kasan/kasan.h | 3 +-
mm/kasan/report.c | 5 ++--
mm/mempool.c | 6 ++--
mm/slab.c | 6 ++--
mm/slub.c | 10 +++----
8 files changed, 135 insertions(+), 48 deletions(-)
--
2.15.1.620.gb9897f4670-goog
Powered by blists - more mailing lists