lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 23 Jul 2020 08:51:42 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Cengiz Can <cengiz@...nel.wtf>
Cc:     Eric Van Hensbergen <ericvh@...il.com>,
        Latchesar Ionkov <lucho@...kov.net>,
        Dominique Martinet <asmadeus@...ewreck.org>,
        Christoph Hellwig <hch@....de>, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        viro@...iv.linux.org.uk, v9fs-developer@...ts.sourceforge.net,
        syzbot <syzbot+d012ca3f813739c37c25@...kaller.appspotmail.com>
Subject: Re: WARNING in __kernel_read

Hi Cengiz,

On Thu, Jul 23, 2020 at 05:17:25PM +0300, Cengiz Can wrote:
> Hello,
> 
> I'm trying to help clean up syzkaller submissions and this caught my
> attention and I wanted to get your advice.
> 
> With commit: 6209dd9132e8ea5545cffc84483841e88ea8cc5b `kernel_read` was
> modified to use `__kernel_read` by Christoph Hellwig.
> 
> One of the syzkaller tests executes following system calls:
> 
> open("./file0", O_WRONLY|O_CREAT|O_EXCL|O_DIRECT|0x4, 000) = 5
> open("/dev/char/4:1", O_RDWR)           = 6
> mount(NULL, "./file0", "9p", 0,
> "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000006,"
> 
> This initiates a `__kernel_read` call from `p9_read_work` (and
> `p9_fd_read`) and since the `file->f_mode` does not contain FMODE_READ
> , a WARN_ON_ONCE is thrown.
> 
> ```
> if (WARN_ON_ONCE(!(file->f_mode & FMODE_READ)))
>          return -EINVAL;
> ```
> 
> Can you help me understand what's wrong and fix this issue? 
> Is it already being worked on?
> 

Looks like this was already fixed in linux-next by:

	commit a39c46067c845a8a2d7144836e9468b7f072343e
	Author: Christoph Hellwig <hch@....de>
	Date:   Fri Jul 10 10:57:22 2020 +0200

	    net/9p: validate fds in p9_fd_open

Let's tell syzbot so that it closes this bug report:

#syz fix: net/9p: validate fds in p9_fd_open

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ