lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Apr 2018 11:33:22 -0500 From: ebiederm@...ssion.com (Eric W. Biederman) To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Cc: syzbot+7a1cff37dbbef9e7ba4c@...kaller.appspotmail.com, syzkaller-bugs@...glegroups.com, viro@...IV.linux.org.uk, akpm@...ux-foundation.org, dhowells@...hat.com, ebiggers3@...il.com, gs051095@...il.com, ktkhai@...tuozzo.com, linux-kernel@...r.kernel.org, oleg@...hat.com, pasha.tatashin@...cle.com, riel@...hat.com, rppt@...ux.vnet.ibm.com, wangkefeng.wang@...wei.com Subject: Re: KASAN: use-after-free Read in alloc_pid Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> writes: > On 2018/04/10 23:33, Tetsuo Handa wrote: >> syzbot wrote: >>> syzbot has found reproducer for the following crash on upstream commit >>> c18bb396d3d261ebbb4efbc05129c5d354c541e4 (Tue Apr 10 00:04:10 2018 +0000) >>> Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net >>> syzbot dashboard link: >>> https://syzkaller.appspot.com/bug?extid=7a1cff37dbbef9e7ba4c >>> >> While we are waiting for >> >> rpc_pipefs: fix double-dput() >> rpc_pipefs: deal with early sget() failures >> kernfs: deal with early sget() failures >> procfs: deal with early sget() failures >> orangefs_kill_sb(): deal with allocation failures >> nfsd_umount(): deal with early sget() failures >> nfs: avoid double-free on early sget() failures >> jffs2_kill_sb(): deal with failed allocations >> hypfs_kill_super(): deal with failed allocations >> >> in https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git/log/?h=for-linus , >> I think the patch at >> >> WARNING in kill_block_super >> https://syzkaller.appspot.com/bug?id=588996a25a2587be2e3a54e8646728fb9cae44e7 >> >> is better. >> > > OK. The patch was sent to linux.git as commit 8e04944f0ea8b838. > > #syz fix: mm,vmscan: Allow preallocating memory for > register_shrinker(). Sigh no fixes tag on the commit you sent to Linus, and no cc'ing of stable. Can you please update the stable folks that 9ee332d99e4d ("sget(): handle failures of register_shrinker()") is fixed with the commit you just sent to Linus? Thank you, Eric
Powered by blists - more mailing lists