| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Apr 2013 23:06:28 +0200
From: Borislav Petkov <bp@...en8.de>
To: linux-fsdevel@...r.kernel.org
Cc: lkml <linux-kernel@...r.kernel.org>
Subject: WARNING: kmemcheck: Caught 64-bit read from uninitialized memory
(ffff88007bf9d021)
Hi guys,
I trigger the below kmemcheck warning on linux-next from 4/19. It looks
like one of those 'name' arguments to link_path_walk is initialized.
I've added some debug output to see when exactly it happens (timestamps
are different because I've pasted in the original warning and not the
one with the debug output which changes code offsets and registers):
[ 21.221212] link_path_walk: will hash: dev
[ 21.222814] filename_lookup: after first path_lookupat
[ 20.852081] WARNING: kmemcheck: Caught 64-bit read from uninitialized memory (ffff88007bf9d021)
[ 20.853961] 2f64657600013446000000000000000000000000000000000000000000000000
[ 20.856249] i i i i i i i i u u u u u u u u u u u u u u u u u u u u u u u u
[ 20.858474] ^
[ 20.858893] RIP: 0010:[<ffffffff81222b3b>] [<ffffffff81222b3b>] link_path_walk+0x13b/0xdb0
[ 20.860772] RSP: 0000:ffff88007bcf3bb8 EFLAGS: 00010257
[ 20.861930] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 20.863484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 20.865129] RBP: ffff88007bcf3c58 R08: 00000000000ba226 R09: 8080808080808080
[ 20.866678] R10: fefefefefefefeff R11: 2f2f2f2f2f2f2f2f R12: ffff88007bcf8000
[ 20.868269] R13: ffff88007bf9d021 R14: ffff88007bcf3d28 R15: ffff88007bcf3d58
[ 20.869812] FS: 0000000000000000(0000) GS:ffff88007e600000(0000) knlGS:0000000000000000
[ 20.871581] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 20.872873] CR2: ffff88007bfd0040 CR3: 000000000360f000 CR4: 00000000000006f0
[ 20.874416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 20.876839] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 20.879395] [<ffffffff8122381e>] path_lookupat+0x6e/0xbf0
[ 20.881461] [<ffffffff812243d6>] filename_lookup.isra.29+0x36/0xb0
[ 20.883736] [<ffffffff81224535>] do_path_lookup+0x35/0x40
[ 20.885780] [<ffffffff81226cad>] kern_path_create+0x3d/0x200
[ 20.887882] [<ffffffff81226f3d>] user_path_create+0x5d/0x90
[ 20.889998] [<ffffffff8122756c>] SyS_mkdirat+0x3c/0x140
[ 20.891941] [<ffffffff8122768c>] SyS_mkdir+0x1c/0x30
[ 20.893839] [<ffffffff83ef6d71>] default_rootfs+0x1e/0xa0
[ 20.895885] [<ffffffff83ef5408>] do_one_initcall+0x44/0x183
[ 20.897998] [<ffffffff83ef575f>] kernel_init_freeable+0x218/0x31b
[ 20.900323] [<ffffffff8286eba1>] kernel_init+0x11/0x1b0
[ 20.902244] [<ffffffff828b9d2c>] ret_from_fork+0x7c/0xb0
[ 20.904267] [<ffffffffffffffff>] 0xffffffffffffffff
[ 21.269406] filename_lookup: after second path_lookupat
[ 21.270341] filename_lookup: after third path_lookupat
[ 21.271314] link_path_walk: will hash: dev/console
[ 21.272636] link_path_walk: will hash: console
[ 21.273818] filename_lookup: after first path_lookupat
[ 21.274724] filename_lookup: after second path_lookupat
[ 21.275660] filename_lookup: after third path_lookupat
[ 21.276633] link_path_walk: will hash: root
This triggers in a kvm guest and .config is attached.
HTH.
--
Regards/Gruss,
Boris.
Sent from a fat crate under my desk. Formatting is fine.
--
View attachment ".config" of type "text/plain" (88703 bytes)
Powered by blists - more mailing lists