lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 5 Apr 2018 07:21:31 -0700
From:   Kees Cook <>
To:     Oleksandr Natalenko <>
Cc:     David Windsor <>,
        "James E.J. Bottomley" <>,
        "Martin K. Petersen" <>,, LKML <>
Subject: Re: usercopy whitelist woe in scsi_sense_cache

On Thu, Apr 5, 2018 at 2:56 AM, Oleksandr Natalenko
<> wrote:
> Hi.
> 04.04.2018 23:25, Kees Cook wrote:
>> Thanks for the report! I hope someone more familiar with sg_io() can
>> help explain the changing buffer offset... :P
> Also, FYI, I kept the server running with smartctl periodically invoked, and
> it was still triggering BUGs, however, I consider them to be more or less
> harmless until the server got stuck with high I/O wait this morning after
> next smartctl invocation. So, it isn't harmless, it seems…
> It could be unrelated, of course, since the journal didn't give me any hint
> (or a stack trace) on what happened, thus I'll monitor how things behave
> without smartctl too.

I had a VM running over night with:

[1]   Running                 while :; do
    smartctl -a /dev/sda > /dev/null;
done &
[2]-  Running                 while :; do
    ls --color=auto -lR / > /dev/null 2> /dev/null;
done &
[3]+  Running                 while :; do
    sleep $(( $RANDOM % 100 )); sync; echo 3 > /proc/sys/vm/drop_caches;
done &

and I haven't seen the issue. :(

FWIW, I'm using the ahci qemu driver:

-drive file=disk-image.raw,if=none,id=drive0,format=raw \
-device ahci,id=bus0 \
-device ide-drive,bus=bus0.0,drive=drive0

Does this match your qemu instance?


Kees Cook
Pixel Security

Powered by blists - more mailing lists