| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <22EA7360-E2FC-4A23-BF0B-EFDE523F9605@kernel.org>
Date: Thu, 02 Mar 2023 13:57:57 -0800
From: Kees Cook <kees@...nel.org>
To: Jakub Kicinski <kuba@...nel.org>, Kees Cook <keescook@...omium.org>
CC: linux-hardening@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: splat in ikheaders_read (bpftrace)
On March 2, 2023 11:21:30 AM PST, Jakub Kicinski <kuba@...nel.org> wrote:
>Hi Kees!
>
>Running tests on net (Linus's tree as of Monday) I get this splat
>trying to attach bpftrace to a tracepoint:
Can you give me an example command line to try to repro this?
>
>[ 2468.945793] kernel BUG at lib/string_helpers.c:1027!
Were there any lines above this? It must be memcpy blowing up due to what it thinks is an overflow from having tracked an allocation size (that's the major change this cycle).
>[ 2468.949683] RIP: 0010:fortify_panic+0xf/0x20
>...
>[ 2468.961930] Call Trace:
>[ 2468.962300] <TASK>
>[ 2468.962611] ikheaders_read+0x45/0x50 [kheaders]
static ssize_t
ikheaders_read(struct file *file, struct kobject *kobj,
struct bin_attribute *bin_attr,
char *buf, loff_t off, size_t len)
{
memcpy(buf, &kernel_headers_data + off, len);
return len;
}
I will take a look at the caller's allocation of "buf" and kernel_headers_data.
-Kees
--
Kees Cook
Powered by blists - more mailing lists