Open Source and information security mailing list archives
 
Date:   Fri, 10 Aug 2018 19:29:30 -0700
From:   Sodagudi Prasad <psodagud@...eaurora.org>
To:     catalin.marinas@....com, will.deacon@....com, mark.rutland@....com,
        andreyknvl@...gle.com, keescook@...omium.org,
        akpm@...ux-foundation.org, gregkh@...uxfoundation.org
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        psodagud@...eaurora.org
Subject: KASAN errors from unwind_frame

Hi All,

I have observed the following KASAN error with the 4.14.56 kernel.
Can you please copy change [1] (kasan: add no_sanitize attribute for
clang builds) into stable kernels?

[1] - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/linux/compiler-clang.h?h=v4.18-rc8&id=12c8f25a016dff69ee284aa3338bebfd2cfcba33


==================================================================
BUG: KASAN: out-of-bounds in __read_once_size_nocheck 
include/linux/compiler.h:196 [inline]
BUG: KASAN: out-of-bounds in unwind_frame+0xc4/0x324 
arch/arm64/kernel/stacktrace.c:56
Read of size 8 at addr ffffffe3123ff4b0 by task poc/15233

CPU: 7 PID: 15233 Comm: poc Tainted: G S      W  O    4.14.56+ #3
Hardware name: Qualcomm Technologies, Inc.
Call trace:
dump_backtrace+0x0/0x388
show_stack+0x24/0x30
__dump_stack+0x24/0x2c
dump_stack+0x8c/0xd0
print_address_description+0x74/0x234
kasan_report+0x240/0x264
__asan_report_load8_noabort+0x2c/0x38
unwind_frame+0xc4/0x324
walk_stackframe+0x44/0x6c
__save_stack_trace+0x250/0x444
save_stack_trace_tsk+0x2c/0x38
proc_pid_stack+0x134/0x268
proc_single_show+0xdc/0x130
traverse+0x244/0x5b0
seq_lseek+0x10c/0x27c
vfs_llseek+0xb4/0xe4
SyS_lseek+0x54/0xa0
el0_svc_naked+0x34/0x38

The buggy address belongs to the page:
page:ffffffbf8c48ffc0 count:0 mapcount:0 mapping:          (null) 
index:0x0
flags: 0x0()
raw: 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 dead000000000200 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not active (free page?)

Memory state around the buggy address:
ffffffe3123ff380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffe3123ff400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ffffffe3123ff480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
ffffffe3123ff500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffe3123ff580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

-Thanks, Prasad
-- 
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora 
Forum,
Linux Foundation Collaborative Project
