lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 7 Sep 2020 07:47:29 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Anant Thazhemadam <anant.thazhemadam@...il.com>
Cc:     linux-kernel-mentees@...ts.linuxfoundation.org,
        syzbot+b8639c8dcb5ec4483d4f@...kaller.appspotmail.com,
        Saravana Kannan <saravanak@...gle.com>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Jean-Philippe Brucker <jean-philippe@...aro.org>,
        Dan Williams <dan.j.williams@...el.com>,
        Joerg Roedel <jroedel@...e.de>,
        Bartosz Golaszewski <bgolaszewski@...libre.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH] block : Fix use-after-free Read
 in delete_partition

On Mon, Sep 07, 2020 at 01:41:56AM +0530, Anant Thazhemadam wrote:
> A use-after-free read of the kobject member being casted out to the
> device structure containing it seems to be potentially possible
> due to unsafe casting using container_of (since an edge case such
> as when the ptr being casted might be NULL or problematic is not
> accounted for).
> Using container_of_safe resolves this issue, with no obvious tradeoffs
> and without considerable expense.

No, now every caller has to check for NULL, and that would mean that you
now need to fix up hundreds of different places in the kernel.

Please fix the root cause that would cause NULL to be passed to this
call in the block code, don't paper over the issue here.

thanks,

greg k-h

Powered by blists - more mailing lists