lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 1 Dec 2017 10:58:28 +0900
From:   Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
To:     Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc:     Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Fengguang Wu <fengguang.wu@...el.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Petr Mladek <pmladek@...e.com>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Aleksey Makarov <aleksey.makarov@...aro.org>,
        Nicolas Pitre <nicolas.pitre@...aro.org>,
        Nikitas Angelinas <nikitas.angelinas@...il.com>,
        LKP <lkp@...org>, kasan-dev <kasan-dev@...glegroups.com>
Subject: Re: [ 0.003333] BUG: KASAN: use-after-scope in
 console_unlock+0x605/0xcc0

On (11/30/17 16:07), Andrey Ryabinin wrote:
[..]
> >> You can try dirty patch from here:
> >> https://groups.google.com/d/msg/kasan-dev/iDb5bhcMBT0/55QzwWaHAwAJ
> >> It should make KASAN print the exact variable name and frame where it
> >> was allocated.
> > 
> > would be good if Fengguang can try this out. I can't reproduce the
> > problem on my x86 box (linux-next and Linus's trees both work fine
> > for me with KASAN + lockdep + TRACE_IRQ).
> 
> I suspect you don't have gcc 7. That's is requirement for use-after-scope.

I do have it.

gcc --version
gcc (GCC) 7.2.1 20171123

tested with

$ grep GCC .config
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE=y
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set

got the following use-after-scope:

 ==================================================================
 BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x902/0xa21
 Write of size 8 at addr ffffffff81e07d78 by task swapper/0
 
 CPU: 0 PID: 0 Comm: swapper Not tainted 4.15.0-rc1-dbg-00261-g716b8dd05fd3-dirty #927
 Call Trace:
  dump_stack+0xca/0x146
  ? _atomic_dec_and_lock+0xdd/0xdd
  ? show_regs_print_info+0x39/0x39
  ? pcpu_setup_first_chunk+0x902/0xa21
  print_address_description+0x6e/0x207
  ? pcpu_setup_first_chunk+0x902/0xa21
  kasan_report+0x21e/0x244
  pcpu_setup_first_chunk+0x902/0xa21
  ? pcpu_free_alloc_info+0x27/0x27
  ? memblock_remove+0x12/0x12
  pcpu_embed_first_chunk+0x3fa/0x4a6
  ? pcpup_populate_pte+0xa/0xa
  ? pcpu_fc_free+0x40/0x40
  setup_per_cpu_areas+0x7c/0x2df
  start_kernel+0x174/0x489
  ? mem_encrypt_init+0x6/0x6
  ? load_ucode_bsp+0x7f/0xe0
  secondary_startup_64+0xa5/0xb0
 
 
 Memory state around the buggy address:
  ffffffff81e07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ffffffff81e07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 >ffffffff81e07d00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8
                                                                 ^
  ffffffff81e07d80: f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
  ffffffff81e07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ==================================================================

no printk() related reports.

	-ss

Powered by blists - more mailing lists