lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Aug 2017 15:02:27 -0700 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Matthew Dawson <matthew@...systems.ca>, Andrey Ryabinin <aryabinin@...tuozzo.com>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrii Bordunov <aborduno@...co.com> Subject: [PATCH 4.4 13/15] mm/mempool: avoid KASAN marking mempool poison checks as use-after-free 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Matthew Dawson <matthew@...systems.ca> commit 7640131032db9118a78af715ac77ba2debeeb17c upstream. When removing an element from the mempool, mark it as unpoisoned in KASAN before verifying its contents for SLUB/SLAB debugging. Otherwise KASAN will flag the reads checking the element use-after-free writes as use-after-free reads. Signed-off-by: Matthew Dawson <matthew@...systems.ca> Acked-by: Andrey Ryabinin <aryabinin@...tuozzo.com> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Andrii Bordunov <aborduno@...co.com> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- mm/mempool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/mempool.c +++ b/mm/mempool.c @@ -135,8 +135,8 @@ static void *remove_element(mempool_t *p void *element = pool->elements[--pool->curr_nr]; BUG_ON(pool->curr_nr < 0); - check_element(pool, element); kasan_unpoison_element(pool, element); + check_element(pool, element); return element; }
Powered by blists - more mailing lists