lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <a6660196fa5a4b71b8f5d6e1bc2aa262@huawei.com>
Date:   Mon, 14 Sep 2020 01:51:41 +0000
From:   linmiaohe <linmiaohe@...wei.com>
To:     Hillf Danton <hdanton@...a.com>
CC:     "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        "syzkaller-bugs@...glegroups.com" <syzkaller-bugs@...glegroups.com>,
        syzbot <syzbot+c5d5a51dcbb558ca0cb5@...kaller.appspotmail.com>
Subject: Re: general protection fault in unlink_file_vma

Hillf Danton <hdanton@...a.com> wrote:
> On Sun, 13 Sep 2020 09:17:26 +0000 linmiaohe wrote:
>> 
>> I reviewed the code carefully these days and I found vma_merge() do only fput() the vm_file of the linked vma in remove_next cases.
>> This gpf is much likely because the ->mmap() callback can change 
>> vma->vm_file and fput the original file. But my previous commit failed to catch this case and always fput() the original file, hence add an extra fput().
>> The below patch would make the things right:
>> 
>
>Take another look at the Cc list and the link below.
>
>https://lore.kernel.org/lkml/20200911120222.GT87483@ziepe.ca/
>

Many thanks for your teach. I think I could send the proposed patch to the syzbot directly.
Thanks again.:)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ