| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200418021136.GA17090@T590>
Date: Sat, 18 Apr 2020 10:11:36 +0800
From: Ming Lei <ming.lei@...hat.com>
To: yu kuai <yukuai3@...wei.com>
Cc: axboe@...nel.dk, bvanassche@....org, yi.zhang@...wei.com,
yuyufen@...wei.com, linux-block@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC] block: fix access of uninitialized pointer address in
bt_for_each()
On Fri, Apr 17, 2020 at 08:51:34PM +0800, yu kuai wrote:
> I recently got a KASAN warning like this in our 4.19 kernel:
>
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in bt_for_each+0x1dc/0x2c0
> Read of size 8 at addr ffff8000c0865000 by task sh/2023305
>
> Call trace:
> dump_backtrace+0x0/0x310
> show_stack+0x28/0x38
> dump_stack+0xd8/0x108
> print_address_description+0x68/0x2d0
> kasan_report+0x124/0x2e0
> __asan_load8+0x88/0xb0
> bt_for_each+0x1dc/0x2c0
> blk_mq_queue_tag_busy_iter+0x1f0/0x3e8
> blk_mq_in_flight+0xb4/0xe0
> part_in_flight+0x124/0x178
> part_round_stats+0x128/0x3b0
This code path is killed since 5b18b5a73760 ("block: delete part_round_stats and
switch to less precise counting").
However, it still can be triggered via readding proc & sysfs iostat.
Jian Chao worked patches for this issue before, please refer to:
https://lore.kernel.org/linux-block/1553492318-1810-1-git-send-email-jianchao.w.wang@oracle.com/
but didn't get chance to merge.
Thanks,
Ming
Powered by blists - more mailing lists