| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200907054729.GA280798@kroah.com>
Date: Mon, 7 Sep 2020 07:47:29 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Anant Thazhemadam <anant.thazhemadam@...il.com>
Cc: linux-kernel-mentees@...ts.linuxfoundation.org,
syzbot+b8639c8dcb5ec4483d4f@...kaller.appspotmail.com,
Saravana Kannan <saravanak@...gle.com>,
"Rafael J. Wysocki" <rafael@...nel.org>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Dan Williams <dan.j.williams@...el.com>,
Joerg Roedel <jroedel@...e.de>,
Bartosz Golaszewski <bgolaszewski@...libre.com>,
linux-kernel@...r.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH] block : Fix use-after-free Read
in delete_partition
On Mon, Sep 07, 2020 at 01:41:56AM +0530, Anant Thazhemadam wrote:
> A use-after-free read of the kobject member being casted out to the
> device structure containing it seems to be potentially possible
> due to unsafe casting using container_of (since an edge case such
> as when the ptr being casted might be NULL or problematic is not
> accounted for).
> Using container_of_safe resolves this issue, with no obvious tradeoffs
> and without considerable expense.
No, now every caller has to check for NULL, and that would mean that you
now need to fix up hundreds of different places in the kernel.
Please fix the root cause that would cause NULL to be passed to this
call in the block code, don't paper over the issue here.
thanks,
greg k-h
Powered by blists - more mailing lists