Date: Sat, 2 Feb 2019 12:58:07 -0500 (EST)
From: Vince Weaver <vincent.weaver@...ne.edu>
To: Jiri Olsa <jolsa@...hat.com>
cc: Vince Weaver <vincent.weaver@...ne.edu>,
Ravi Bangoria <ravi.bangoria@...ux.ibm.com>,
lkml <linux-kernel@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
linux-perf-users@...r.kernel.org,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Andi Kleen <ak@...ux.intel.com>, eranian@...gle.com,
"Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>
Subject: Re: System crash with perf_fuzzer (kernel: 5.0.0-rc3)

On Fri, 1 Feb 2019, Jiri Olsa wrote:

> >
> > I've just started fuzzing with the patch applied. Often it takes a few
> > hours to trigger the bug.
>
> cool, thanks

I let it run overnight and no crash.

> > Added question about this bug. It appeared that the crash was triggered
> > by the BTS driver over-writing kernel memory. The data being written, was
> > this user controllable? Meaning, is this a security issue being fixed, or
> > just a crashing issue?
>
> yea, I have an example that can trigger it immediately

I mean: the crash is happening because data structures are getting
over-written by the BTS driver. Depending on who and what is doing this,
this could be a security issue (i.e. if it was raw BTS data that was
partially userspace controlled values). Though even if this were the case
it would probably be hard to exploit.

Vince