| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACT4Y+a3WWKLPoLD7LC44gaDNQ-p13dW5FT4w1MatcL61u_+XQ@mail.gmail.com>
Date: Wed, 6 Nov 2019 16:36:45 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Daniel Vetter <daniel@...ll.ch>
Cc: syzbot <syzbot+fb77e97ebf0612ee6914@...kaller.appspotmail.com>,
Dave Airlie <airlied@...ux.ie>,
Andrew Morton <akpm@...ux-foundation.org>,
dri-devel <dri-devel@...ts.freedesktop.org>,
Kees Cook <keescook@...omium.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Maxime Ripard <mripard@...nel.org>,
Sean Paul <sean@...rly.run>,
Stephen Rothwell <sfr@...b.auug.org.au>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
Al Viro <viro@...iv.linux.org.uk>
Subject: Re: WARNING in drm_mode_createblob_ioctl
On Wed, Nov 6, 2019 at 4:30 PM Daniel Vetter <daniel@...ll.ch> wrote:
>
> On Wed, Nov 6, 2019 at 4:20 PM syzbot
> <syzbot+fb77e97ebf0612ee6914@...kaller.appspotmail.com> wrote:
> >
> > syzbot has bisected this bug to:
> >
> > commit 9e5a64c71b2f70ba530f8156046dd7dfb8a7a0ba
> > Author: Kees Cook <keescook@...omium.org>
> > Date: Mon Nov 4 22:57:23 2019 +0000
> >
> > uaccess: disallow > INT_MAX copy sizes
>
> Ah cool, this explains it.
>
> fwiw I never managed to get the WARNING in the backtrace to lign up
> with any code. No idea what's been going on.
>
> I'll type a patch to paper over this.
> -Daniel
If I get:
git checkout 8ada228a
then include/linux/thread_info.h:150
points right to:
if (WARN_ON_ONCE(bytes > INT_MAX))
Is the size user-controllable here?
> >
> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=125fe6dce00000
> > start commit: 51309b9d Add linux-next specific files for 20191105
> > git tree: linux-next
> > final crash: https://syzkaller.appspot.com/x/report.txt?x=115fe6dce00000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=165fe6dce00000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=a9b1a641c1f1fc52
> > dashboard link: https://syzkaller.appspot.com/bug?extid=fb77e97ebf0612ee6914
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1212dc3ae00000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=145f604ae00000
> >
> > Reported-by: syzbot+fb77e97ebf0612ee6914@...kaller.appspotmail.com
> > Fixes: 9e5a64c71b2f ("uaccess: disallow > INT_MAX copy sizes")
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
>
>
> --
> Daniel Vetter
> Software Engineer, Intel Corporation
> +41 (0) 79 365 57 48 - http://blog.ffwll.ch
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/CAKMK7uFQt%2B%3D7XMo9jvz77QvDWLAAU_V7-_qZ%3DiKe-GXG7cqeJg%40mail.gmail.com.
Powered by blists - more mailing lists