lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 15 Nov 2019 10:19:20 -0800
From:   Stephen Boyd <swboyd@...omium.org>
To:     alexandre.belloni@...tlin.com, andreyknvl@...gle.com,
        arnd@...db.de, gregkh@...uxfoundation.org,
        herbert@...dor.apana.org.au, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
        lvivier@...hat.com, mchehab+samsung@...nel.org, mpm@...enic.com,
        syzbot <syzbot+6d8505fcdf25f00ac276@...kaller.appspotmail.com>,
        syzkaller-bugs@...glegroups.com, tytso@....edu
Subject: Re: KASAN: use-after-free Read in chaoskey_disconnect

Quoting syzbot (2019-10-30 05:52:08)
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    ff6409a6 usb-fuzzer: main usb gadget fuzzer driver
> git tree:       https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=15e1ba24e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=3230c37d442895b7
> dashboard link: https://syzkaller.appspot.com/bug?extid=6d8505fcdf25f00ac276
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=169b8904e00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=166f3104e00000
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+6d8505fcdf25f00ac276@...kaller.appspotmail.com
> 

Ok, let's try that again

#syz test: https://github.com/google/kasan.git ff6409a6

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 5b799aa973a3..c487709499fc 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -2440,8 +2440,8 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
 	 * We'll be woken up again once below random_write_wakeup_thresh,
 	 * or when the calling thread is about to terminate.
 	 */
-	wait_event_freezable(random_write_wait,
-			kthread_should_stop() ||
+	wait_event_interruptible(random_write_wait,
+			kthread_should_stop() || freezing(current) ||
 			ENTROPY_BITS(&input_pool) <= random_write_wakeup_bits);
 	mix_pool_bytes(poolp, buffer, count);
 	credit_entropy_bits(poolp, entropy);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ