| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171201015828.GA1303@jagdpanzerIV>
Date: Fri, 1 Dec 2017 10:58:28 +0900
From: Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
To: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Fengguang Wu <fengguang.wu@...el.com>,
LKML <linux-kernel@...r.kernel.org>,
Petr Mladek <pmladek@...e.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Ingo Molnar <mingo@...nel.org>,
Aleksey Makarov <aleksey.makarov@...aro.org>,
Nicolas Pitre <nicolas.pitre@...aro.org>,
Nikitas Angelinas <nikitas.angelinas@...il.com>,
LKP <lkp@...org>, kasan-dev <kasan-dev@...glegroups.com>
Subject: Re: [ 0.003333] BUG: KASAN: use-after-scope in
console_unlock+0x605/0xcc0
On (11/30/17 16:07), Andrey Ryabinin wrote:
[..]
> >> You can try dirty patch from here:
> >> https://groups.google.com/d/msg/kasan-dev/iDb5bhcMBT0/55QzwWaHAwAJ
> >> It should make KASAN print the exact variable name and frame where it
> >> was allocated.
> >
> > would be good if Fengguang can try this out. I can't reproduce the
> > problem on my x86 box (linux-next and Linus's trees both work fine
> > for me with KASAN + lockdep + TRACE_IRQ).
>
> I suspect you don't have gcc 7. That's is requirement for use-after-scope.
I do have it.
gcc --version
gcc (GCC) 7.2.1 20171123
tested with
$ grep GCC .config
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE=y
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
got the following use-after-scope:
==================================================================
BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x902/0xa21
Write of size 8 at addr ffffffff81e07d78 by task swapper/0
CPU: 0 PID: 0 Comm: swapper Not tainted 4.15.0-rc1-dbg-00261-g716b8dd05fd3-dirty #927
Call Trace:
dump_stack+0xca/0x146
? _atomic_dec_and_lock+0xdd/0xdd
? show_regs_print_info+0x39/0x39
? pcpu_setup_first_chunk+0x902/0xa21
print_address_description+0x6e/0x207
? pcpu_setup_first_chunk+0x902/0xa21
kasan_report+0x21e/0x244
pcpu_setup_first_chunk+0x902/0xa21
? pcpu_free_alloc_info+0x27/0x27
? memblock_remove+0x12/0x12
pcpu_embed_first_chunk+0x3fa/0x4a6
? pcpup_populate_pte+0xa/0xa
? pcpu_fc_free+0x40/0x40
setup_per_cpu_areas+0x7c/0x2df
start_kernel+0x174/0x489
? mem_encrypt_init+0x6/0x6
? load_ucode_bsp+0x7f/0xe0
secondary_startup_64+0xa5/0xb0
Memory state around the buggy address:
ffffffff81e07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffff81e07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff81e07d00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8
^
ffffffff81e07d80: f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
ffffffff81e07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
no printk() related reports.
-ss
Powered by blists - more mailing lists