Message-ID: <561F4EEA.60203@huawei.com>
Date: Thu, 15 Oct 2015 14:59:54 +0800
From: zhong jiang <zhongjiang@...wei.com>
To: <akpm@...ux-foundation.org>, <adech.fo@...il.com>,
<ryabinin.a.a@...il.com>
CC: <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
<kasan-dev@...glegroups.com>, <qiuxishi@...wei.com>,
<guohanjun@...wei.com>, <zhangdianfang@...wei.com>
Subject: some problems about kasan
1. I feel confused about one of the cases when testing the cases KASAN can solve. The function comes from the kernel, in /lib/test_kasan.c.
static noinline void __init kmalloc_uaf2(void)
{
	char *ptr1, *ptr2;
	size_t size = 43;

	pr_info("use-after-free after another kmalloc\n");
	ptr1 = kmalloc(size, GFP_KERNEL);
	if (!ptr1) {
		pr_err("Allocation failed\n");
		return;
	}

	kfree(ptr1);
	ptr2 = kmalloc(size, GFP_KERNEL);
	if (!ptr2) {
		pr_err("Allocation failed\n");
		return;
	}

	ptr1[40] = 'x';
	kfree(ptr2);
}
In the above function, the pointer ptr1 is probably the same as ptr2, so the error is not certain to occur.
2. Is the stack local variable out-of-bounds access set by GCC? I don't see any operation in the kernel.
3. I want to know whether the global variable size, including the redzone, is allocated by module_alloc().
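
The situation raised in question 1, as a user-space toy model (an added example, not code from the original message or from the kernel): it replays the kmalloc_uaf2() sequence against a shadow map and shows that the stale access goes unreported when the freed slot is handed straight back, and is reported when reuse is delayed. The names toy_alloc, toy_free, run_uaf2 and SHADOW_FREED, the one-shadow-byte-per-slot layout, the LIFO reuse order and the `quarantine` flag are all assumptions of this model, and the delayed-reuse case goes beyond what the message describes.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not kernel code: one shadow byte per 64-byte slot. */
enum { SLOTS = 4, SLOT_SIZE = 64, SHADOW_FREED = 0xFB /* constructed; 0 = accessible */ };
static char pool[SLOTS][SLOT_SIZE];
static unsigned char shadow[SLOTS];
static int free_stack[SLOTS], top;	/* LIFO: last freed slot is reused first */

static int slot_of(const char *p) { return (int)((p - &pool[0][0]) / SLOT_SIZE); }

static void toy_reset(void) {
	for (top = 0; top < SLOTS; top++)
		free_stack[top] = SLOTS - 1 - top;
	memset(shadow, SHADOW_FREED, sizeof(shadow));
}

static char *toy_alloc(void) {
	int slot = free_stack[--top];	/* this demo never exhausts the pool */
	shadow[slot] = 0;		/* unpoison on allocation */
	return pool[slot];
}

static void toy_free(char *p, int quarantine) {
	shadow[slot_of(p)] = SHADOW_FREED;	/* poison on free */
	if (!quarantine)			/* quarantined slots are held back from reuse */
		free_stack[top++] = slot_of(p);
}

/* Same sequence as kmalloc_uaf2(); returns 1 if the stale access is reported. */
static int run_uaf2(int quarantine) {
	toy_reset();
	char *ptr1 = toy_alloc();
	toy_free(ptr1, quarantine);
	char *ptr2 = toy_alloc();
	int reported = shadow[slot_of(&ptr1[40])] != 0;	/* models ptr1[40] = 'x' */
	toy_free(ptr2, quarantine);
	return reported;
}

int main(void) {
	printf("immediate reuse: reported=%d\n", run_uaf2(0));
	printf("delayed reuse:   reported=%d\n", run_uaf2(1));
	return 0;
}
```

With immediate reuse ptr2 lands on the slot ptr1 still points at, so the second allocation unpoisons the shadow before the stale write is checked.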