lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 22 Aug 2017 21:48:40 +0000
From:   "Keller, Jacob E" <jacob.e.keller@...el.com>
To:     Stefano Brivio <sbrivio@...hat.com>
CC:     Intel Wired LAN <intel-wired-lan@...ts.osuosl.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Juergen Gross <jgross@...e.com>
Subject: RE: [PATCH v2] i40e/i40evf: fix out-of-bounds read of cpumask

> -----Original Message-----
> From: netdev-owner@...r.kernel.org [mailto:netdev-owner@...r.kernel.org] On
> Behalf Of Stefano Brivio
> Sent: Tuesday, August 22, 2017 2:24 PM
> To: Keller, Jacob E <jacob.e.keller@...el.com>
> Cc: Intel Wired LAN <intel-wired-lan@...ts.osuosl.org>; netdev@...r.kernel.org;
> stable@...r.kernel.org; Juergen Gross <jgross@...e.com>
> Subject: Re: [PATCH v2] i40e/i40evf: fix out-of-bounds read of cpumask
> 
> [Fixed Cc: address for stable, Cc'ed Juergen]
> 
> On Tue, 22 Aug 2017 14:04:42 -0700
> Jacob Keller <jacob.e.keller@...el.com> wrote:
> 
> > When responding to an affinity hint we directly copied a cpumask value,
> > intsead of using cpumask_copy. According to cpumask.h this is not
> > correct because cpumask_t is only guaranteed to have enough space for
> > the number of CPUs in the system, and may not be as big as we expect.
> > Thus a direct copy results in an out-of-bound read and potentially
> > a crash if the pages are aligned just right. This will be easily
> > detected on a kernel with KASAN enabled:
> 
> I still think commit message of my patch
> (ae9c9586f61e914dc1c6fe2e6ac1fb2bf07283bc.1502792828.git.sbrivio@...hat.co
> m)
> was perhaps a bit clearer, but okay, this is also clear, fair enough.
> 
> > KASAN reports:
> > [   25.242312] BUG: KASAN: slab-out-of-bounds in
> i40e_irq_affinity_notify+0x30/0x50 [i40e] at addr ffff880462eea960
> [...]
> > [   25.242597]
> ==================================================================
> 
> This is also taken from my message, not terribly happy about it
> (and still happier with it than without). Fair enough, whatever it
> takes to get this applied as soon as possible...
> 
> > Fixes: 96db776a3682 ("i40e/i40evf: fix interrupt affinity bug", 2016-09-14)
> > Signed-off-by: Jacob Keller <jacob.e.keller@...el.com>
> > Cc: stable@...r.kernel.org # 4.10+
> 
> FWIW,
> 
> Acked-by: Stefano Brivio <sbrivio@...hat.com>
> 

I don't really care which message gets applied either, as long as we get it fixed. Either patch is fine with me.

Thanks,
Jake

> 
> --
> Stefano

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ