| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM_iQpUpe5J30_aOzDUHrxiC7hXyQfH6-R7TM_L==gkj_XTu5w@mail.gmail.com>
Date: Thu, 27 Sep 2018 10:50:00 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Eric Dumazet <eric.dumazet@...il.com>,
syzbot+37b8770e6d5a8220a039@...kaller.appspotmail.com,
David Miller <davem@...emloft.net>,
Jamal Hadi Salim <jhs@...atatu.com>,
Jiri Pirko <jiri@...nulli.us>,
LKML <linux-kernel@...r.kernel.org>,
Linux Kernel Network Developers <netdev@...r.kernel.org>,
syzkaller-bugs@...glegroups.com
Subject: Re: KASAN: use-after-free Read in tcf_block_find
On Thu, Sep 27, 2018 at 1:11 AM Dmitry Vyukov <dvyukov@...gle.com> wrote:
>
> Would a stack trace for call_rcu be helpful here? I have this idea for
> a long time, but never get around to implementing it:
> https://bugzilla.kernel.org/show_bug.cgi?id=198437
Yes. Generally speaking, showing backtrace of call_rcu()
or schedule_work(0 etc. is very helpful, we are more interested
in who calls call_rcu() than what that RCU callback does.
BTW, yesterday I asked syzbot to test this:
https://github.com/congwang/linux/commit/b7815584cf1c0bbb79e8f6fe3e4b66ba10375560
I still don't get any result.
For this specific bug, we should hold a refcnt in dev->qdisc, I don't
even see how call_rcu() could be invoked, unless of course we mess
up with qdisc refcnt.
Powered by blists - more mailing lists