lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 21 Feb 2014 16:48:23 +0100
From:	Jan Kara <jack@...e.cz>
To:	Richard Weinberger <richard.weinberger@...il.com>
Cc:	poma <pomidorabelisima@...il.com>,
	Mailing-List fedora-kernel <kernel@...ts.fedoraproject.org>,
	Linux Kernel list <linux-kernel@...r.kernel.org>,
	Josh Boyer <jwboyer@...hat.com>,
	"Justin M. Forbes" <jforbes@...hat.com>,
	Stanislaw Gruszka <sgruszka@...hat.com>,
	Jiri Kosina <jkosina@...e.cz>, Dave Jones <davej@...hat.com>,
	Jan Kara <jack@...e.cz>, Christoph Hellwig <hch@....de>,
	eparis@...isplace.org, Al Viro <viro@...iv.linux.org.uk>,
	Hugh Dickins <hughd@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: BUG: unable to handle kernel paging request at 0000000100000003
 - Oops: 0000 [#1] SMP

On Fri 21-02-14 14:08:03, Richard Weinberger wrote:
> On Fri, Feb 21, 2014 at 12:40 PM, poma <pomidorabelisima@...il.com> wrote:
> >
> > Affected kernels - 3.14.0-0.rc3*:
> >
> > - 3.14.0-0.rc3.git0.1
> >   http://koji.fedoraproject.org/koji/buildinfo?buildID=498711
> >
> > - 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1
> >
> > - 3.14.0-0.rc3.git2.1
> >   http://koji.fedoraproject.org/koji/buildinfo?buildID=499061
> >
> > - 3.14.0-0.rc3.git5.1
> >   http://koji.fedoraproject.org/koji/buildinfo?buildID=499636
> >
> > Memtest86+ 4.20 - OK
> > http://goo.gl/1nm1nV
> >
> > RHBZ
> > https://bugzilla.redhat.com/show_bug.cgi?id=1067919
> >
> > messages-Oops-es-3.14.0-0.rc3
> > https://bugzilla.redhat.com/attachment.cgi?id=865926
> 
> Maybe commits 7053aee26a3548ebaba046ae2e52396ccf56ac6c (fsnotify: do
> not share events between notification groups)
> and 85816794240b9659e66e4d9b0df7c6e814e5f603 (fanotify: Fix use after
> free for permission events) introduced this regression.
  So the immediate problem seems to be that event->tgid is 0xffffffff
instead of a pointer. I don't see how this could be use after free and we
unconditionally initialize event->tgid to something sensible. Hum, but if
it is an overflow event, we are in a trouble since that doesn't have ->tgid
field at all so we read random crap that happens to be beyond the event
structure. Actually there seem to be more problems in the handling of
overflow event so I better add that to my testing (both for fanotify and
inotify). I'll work on the fix. Thanks for report!

								Honza
-- 
Jan Kara <jack@...e.cz>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ