linux-kernel - Re: [PATCH 6/6] kasan: improve double-free reports.

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <57A0933F.8000706@virtuozzo.com>
Date:	Tue, 2 Aug 2016 15:34:07 +0300
From:	Andrey Ryabinin <aryabinin@...tuozzo.com>
To:	Alexander Potapenko <glider@...gle.com>
CC:	Andrew Morton <akpm@...ux-foundation.org>,
	Dave Jones <davej@...emonkey.org.uk>,
	Vegard Nossum <vegard.nossum@...cle.com>,
	"Sasha Levin" <alexander.levin@...izon.com>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	kasan-dev <kasan-dev@...glegroups.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Linux Memory Management List <linux-mm@...ck.org>
Subject: Re: [PATCH 6/6] kasan: improve double-free reports.



On 08/02/2016 02:39 PM, Alexander Potapenko wrote:

>> +static void kasan_end_report(unsigned long *flags)
>> +{
>> +       pr_err("==================================================================\n");
>> +       add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
> Don't we want to add the taint as early as possible once we've
> detected the error?

What for?
It certainly shouldn't be before dump_stack(), otherwise on the first report the kernel will claimed as tainted.


>>
>> +void kasan_report_double_free(struct kmem_cache *cache, void *object,
>> +                       s8 shadow)
>> +{
>> +       unsigned long flags;
>> +
>> +       kasan_start_report(&flags);
>> +       pr_err("BUG: Double free or corrupt pointer\n");
> How about "Double free or freeing an invalid pointer\n"?
> I think "corrupt pointer" doesn't exactly reflect where the bug is.

Ok