Date: Tue, 28 Jun 2016 19:01:46 -0500 From: Tom Zanussi <tom.zanussi@...ux.intel.com> To: Steven Rostedt <rostedt@...dmis.org>, Dmitry Vyukov <dvyukov@...gle.com> CC: Ingo Molnar <mingo@...hat.com>, LKML <linux-kernel@...r.kernel.org> Subject: Re: trace: use-after-free in hist_unreg_all Hi Steve, On 06/28/2016 09:43 AM, Steven Rostedt wrote: > On Tue, 28 Jun 2016 14:58:50 +0200 > Dmitry Vyukov <dvyukov@...gle.com> wrote: > >> Hello, >> >> While running tools/testing/selftests test suite with KASAN I hit the >> following use-after-free report: >> >> >> >> ================================================================== >> BUG: KASAN: use-after-free in hist_unreg_all+0x1a1/0x1d0 at addr >> ffff880031632cc0 >> Read of size 8 by task ftracetest/7413 >> ============================================================================= >> BUG kmalloc-128 (Not tainted): kasan: bad access detected >> ----------------------------------------------------------------------------- > > Thanks for the report. Can you check if this patch fixes the issue? > > -- Steve > > diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c > index 0c05b8a99806..948adb4b6761 100644 > --- a/kernel/trace/trace_events_hist.c > +++ b/kernel/trace/trace_events_hist.c 
> @@ -1699,9 +1699,9 @@ hist_enable_get_trigger_ops(char *cmd, char *param) > > static void hist_enable_unreg_all(struct trace_event_file *file) This does fix the problem, if put on hist_unreg_all() instead of this ;-) Actually, with that gone, I see another problem with the multihist test, which I'm digging into now. Actually, I should really run through my whole testsuite with KASAN turned on... Thanks for the initial patch, in any case. Tom > { > - struct event_trigger_data *test; > + struct event_trigger_data *test, *n; > > - list_for_each_entry_rcu(test, &file->triggers, list) { > + list_for_each_entry_safe(test, n, &file->triggers, list) { > if (test->cmd_ops->trigger_type == ETT_HIST_ENABLE) { > list_del_rcu(&test->list); > update_cond_flag(file); >
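Review bot: The iterator change lands in hist_enable_unreg_all(), but the KASAN report quoted above faults in hist_unreg_all+0x1a1, so this hunk on its own leaves the reported read untouched. The same conversion to `list_for_each_entry_safe(test, n, &file->triggers, list)` needs to go into hist_unreg_all(); it is needed in hist_enable_unreg_all() as well only if the entry is freed inside the loop body, which the visible lines do not show. Because the walk drops the _rcu iterator while the body still calls list_del_rcu(), a short comment naming the lock that writers hold across this loop would make that choice reviewable.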