lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACCg+XNMwuYeyVKaVByXGSwrYSMVj9mfaicwKizA7y_kFb+CPA@mail.gmail.com>
Date:   Fri, 10 Feb 2017 14:44:45 +0800
From:   Macpaul Lin <macpaul@...il.com>
To:     Felipe Balbi <balbi@...nel.org>
Cc:     Jim Lin <jilin@...dia.com>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] usb: gadget: configfs: Fix KASAN use-after-free

Hi Jim,

> Jim Lin <jilin@...dia.com> writes:
> > When gadget is disconnected, running sequence is like this.
> > . composite_disconnect
> > . Call trace:
> >   usb_string_copy+0xd0/0x128
> >   gadget_config_name_configuration_store+0x4
> >   gadget_config_name_attr_store+0x40/0x50
> >   configfs_write_file+0x198/0x1f4
> >   vfs_write+0x100/0x220
> >   SyS_write+0x58/0xa8
> > . configfs_composite_unbind
> > . configfs_composite_bind
> >

[deleted]

> > When "strlen(s->s) of usb_gadget_get_string is being executed, the dangling
> > memory is accessed, "BUG: KASAN: use-after-free" error occurs.
> >
> > Signed-off-by: Jim Lin <jilin@...dia.com>
> > ---
> > Changes in v2:
> > Changes in v3:
> >  Change commit description
>
> well, I need to be sure you tested this with Linus' tree. The reason I'm
> asking is because this could be a bug caused by Android changes. From
> your previous patch, the problem started with android_setup().
>
> Please test with v4.10-rc4 and any configfs-based gadget.
>
> --
> balbi

I've got the similar problem on Android, however,
Linux guys require you and other people to test your patch on pure Linux.
Since Linux is exactly a "PC" based OS, only common patches should be
commit to Linux code base.
Except the bug is quite common in 3 OS, in "Linux PC" and in "Android
Linux" or "Chromium OS".

I'm not sure about the difference between Chromium OS and Linux PC.
According to CVE report, it looks like the change is from  Chromium OS?
Dose Nvidia has a pure Linux software team can verify your patch on
your platform?
I think if you can prove the result is okay on Linux PC or on Chromium
OS will help.

-- 
Best regards,
Macpaul Lin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ