Message-ID: <8760nl1z2m.fsf@tassilo.jf.intel.com>
Date:   Thu, 17 Nov 2016 15:11:45 -0800
From:   Andi Kleen <andi@...stfloor.org>
To:     Vince Weaver <vincent.weaver@...ne.edu>
Cc:     "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        "dvyukov\@google.com" <dvyukov@...gle.com>,
        alexander.shishkin@...el.com
Subject: Re: perf: fuzzer KASAN: global-out-of-bounds in match_token

Vince Weaver <vincent.weaver@...ne.edu> writes:

Adding Alex since it seems to be related to PT code.

> So got my skylake machine re-compiled with gcc-5 and got this.
>
> Should I keep reporting these, or is everyone fuzzing now so you're all 
> hitting them too?
>
> [  911.507365] ==================================================================
> [  911.514824] BUG: KASAN: global-out-of-bounds in match_token+0x268/0x310 at addr ffffffffb14ad058
> [  911.523912] Read of size 8 by task perf_fuzzer/20662
> [  911.528945] Address belongs to variable if_tokens+0x78/0xa0
> [  911.534619] CPU: 7 PID: 20662 Comm: perf_fuzzer Tainted: G             L  4.9.0-rc5+ #12
> [  911.534620] Hardware name: LENOVO 10FY0017US/SKYBAY, BIOS FWKT53A   06/06/2016
> [  911.534622]  ffff8801efd2f970 ffffffffb0f17c88 ffff8801efd2fa08 ffffffffb14ad058
> [  911.534624]  ffff8801efd2f9f8 ffffffffb0d0a9f3 1ffff1003dfa5f38 ffff8801efd2fc38
> [  911.534627]  ffff8801f12ca100 0000000000000297 ffff8801efd2fc38 ffff8801efd2fa38
> [  911.534629] Call Trace:
> [  911.534633]  [<ffffffffb0f17c88>] dump_stack+0x63/0x8b
> [  911.534636]  [<ffffffffb0d0a9f3>] kasan_report_error+0x493/0x4c0
> [  911.534638]  [<ffffffffb0f27a43>] ? simple_strtoull+0x93/0xe0
> [  911.534640]  [<ffffffffb0d0b038>] kasan_report+0x58/0x60
> [  911.534642]  [<ffffffffb0f31008>] ? match_token+0x268/0x310
> [  911.534644]  [<ffffffffb0d0949e>] __asan_load8+0x5e/0x70
> [  911.534646]  [<ffffffffb0f31008>] match_token+0x268/0x310
> [  911.534649]  [<ffffffffb0d058f8>] ? kmem_cache_alloc_node_trace+0x108/0x5a0
> [  911.534651]  [<ffffffffb0f30da0>] ? match_wildcard+0x130/0x130
> [  911.534653]  [<ffffffffb0cbb4b5>] ? wp_page_copy+0x6f5/0xb80
> [  911.534656]  [<ffffffffb0c49668>] ? perf_event_set_addr_filter+0x1f8/0x630
> [  911.534658]  [<ffffffffb0c496bb>] perf_event_set_addr_filter+0x24b/0x630
> [  911.534660]  [<ffffffffb0c49470>] ? perf_pin_task_context+0xd0/0xd0
> [  911.534663]  [<ffffffffb0d09976>] ? kasan_unpoison_shadow+0x36/0x50
> [  911.534665]  [<ffffffffb0d09add>] ? kasan_kmalloc+0xad/0xe0
> [  911.534667]  [<ffffffffb0d06a0b>] ? __kmalloc_track_caller+0x10b/0x580
> [  911.534669]  [<ffffffffb0cbccd0>] ? vm_normal_page+0x130/0x130
> [  911.534671]  [<ffffffffb0c9fe06>] ? strndup_user+0x46/0x70
> [  911.534673]  [<ffffffffb0d097d4>] ? kasan_check_write+0x14/0x20
> [  911.534675]  [<ffffffffb0c9fd8d>] ? memdup_user+0x4d/0x80
> [  911.534677]  [<ffffffffb0c56a7a>] perf_ioctl+0x5fa/0x810
> [  911.534680]  [<ffffffffb0c56480>] ? SYSC_perf_event_open+0x11e0/0x11e0
> [  911.534682]  [<ffffffffb0cc1472>] ? handle_mm_fault+0x602/0x1c30
> [  911.534684]  [<ffffffffb0d589bb>] do_vfs_ioctl+0x14b/0x920
> [  911.534686]  [<ffffffffb0d58870>] ? ioctl_preallocate+0x160/0x160
> [  911.534689]  [<ffffffffb0e36be3>] ? security_file_permission+0xd3/0x100
> [  911.534692]  [<ffffffffb0c59af8>] ? __perf_sw_event+0x98/0xc0
> [  911.534694]  [<ffffffffb0aa0639>] ? __do_page_fault+0x579/0x650
> [  911.534696]  [<ffffffffb0d59209>] SyS_ioctl+0x79/0x90
> [  911.534699]  [<ffffffffb13f493b>] entry_SYSCALL_64_fastpath+0x1e/0xad
> [  911.534700] Memory state around the buggy address:
> [  911.539563]  ffffffffb14acf00: fa fa fa fa 06 fa fa fa fa fa fa fa 06 fa fa fa
> [  911.546942]  ffffffffb14acf80: fa fa fa fa 03 fa fa fa fa fa fa fa 00 00 00 00
> [  911.554269] >ffffffffb14ad000: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
> [  911.561598]                                                     ^
> [  911.567800]  ffffffffb14ad080: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
> [  911.575138]  ffffffffb14ad100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
> [  911.582492] ==================================================================
