lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 22 Aug 2017 23:23:49 +0200
From:   Stefano Brivio <sbrivio@...hat.com>
To:     Jacob Keller <jacob.e.keller@...el.com>
Cc:     Intel Wired LAN <intel-wired-lan@...ts.osuosl.org>,
        netdev@...r.kernel.org, stable@...r.kernel.org,
        Juergen Gross <jgross@...e.com>
Subject: Re: [PATCH v2] i40e/i40evf: fix out-of-bounds read of cpumask

[Fixed Cc: address for stable, Cc'ed Juergen]

On Tue, 22 Aug 2017 14:04:42 -0700
Jacob Keller <jacob.e.keller@...el.com> wrote:

> When responding to an affinity hint we directly copied a cpumask value,
> intsead of using cpumask_copy. According to cpumask.h this is not
> correct because cpumask_t is only guaranteed to have enough space for
> the number of CPUs in the system, and may not be as big as we expect.
> Thus a direct copy results in an out-of-bound read and potentially
> a crash if the pages are aligned just right. This will be easily
> detected on a kernel with KASAN enabled:

I still think commit message of my patch
(ae9c9586f61e914dc1c6fe2e6ac1fb2bf07283bc.1502792828.git.sbrivio@...hat.com)
was perhaps a bit clearer, but okay, this is also clear, fair enough.

> KASAN reports:
> [   25.242312] BUG: KASAN: slab-out-of-bounds in i40e_irq_affinity_notify+0x30/0x50 [i40e] at addr ffff880462eea960
[...]
> [   25.242597] ==================================================================

This is also taken from my message, not terribly happy about it
(and still happier with it than without). Fair enough, whatever it
takes to get this applied as soon as possible...

> Fixes: 96db776a3682 ("i40e/i40evf: fix interrupt affinity bug", 2016-09-14)
> Signed-off-by: Jacob Keller <jacob.e.keller@...el.com>
> Cc: stable@...r.kernel.org # 4.10+

FWIW,

Acked-by: Stefano Brivio <sbrivio@...hat.com>


--
Stefano

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ