| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHRSSExL1fUNpV4jBON5qh47M8A+na0twVNEqpvkBoYVnbJSHA@mail.gmail.com>
Date: Tue, 18 Jun 2019 10:37:10 -0700
From: Todd Kjos <tkjos@...gle.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: syzbot <syzbot+3ae18325f96190606754@...kaller.appspotmail.com>,
Arve Hjønnevåg <arve@...roid.com>,
Christian Brauner <christian@...uner.io>,
"open list:ANDROID DRIVERS" <devel@...verdev.osuosl.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Joel Fernandes (Google)" <joel@...lfernandes.org>,
LKML <linux-kernel@...r.kernel.org>,
Martijn Coenen <maco@...roid.com>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
Todd Kjos <tkjos@...roid.com>
Subject: Re: kernel BUG at drivers/android/binder_alloc.c:LINE! (4)
On Tue, Jun 18, 2019 at 5:18 AM Dan Carpenter <dan.carpenter@...cle.com> wrote:
>
> It's weird that that binder_alloc_copy_from_buffer() is a void function.
> It would be easier to do the error handling at that point, instead of in
> the callers. It feels like we keep hitting similar bugs to this.
The idea is that if it is an error that the user can cause, it is
checked by the caller of binder_alloc_copy_from_buffer(). Most uses
are kernel cases where the expected alignments should be fine and it's
a BUG if they are not.
Admittedly, a few cases (like this one) have slipped through since
they cannot happen in Android (syzkaller has been very useful to find
our bad assumptions).
-Todd
>
> regards,
> dan carpenter
>
Powered by blists - more mailing lists