| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DM6PR04MB6575AE5E44E55342A7A66F4AFCAB0@DM6PR04MB6575.namprd04.prod.outlook.com>
Date: Mon, 11 Jan 2021 10:07:50 +0000
From: Avri Altman <Avri.Altman@....com>
To: Jaegeuk Kim <jaegeuk@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
"kernel-team@...roid.com" <kernel-team@...roid.com>
CC: "cang@...eaurora.org" <cang@...eaurora.org>,
"alim.akhtar@...sung.com" <alim.akhtar@...sung.com>,
"bvanassche@....org" <bvanassche@....org>,
"martin.petersen@...cle.com" <martin.petersen@...cle.com>,
"stanley.chu@...iatek.com" <stanley.chu@...iatek.com>,
Jaegeuk Kim <jaegeuk@...gle.com>
Subject: RE: [PATCH v3] scsi: ufs: WB is only available on LUN #0 to #7
>
>
> From: Jaegeuk Kim <jaegeuk@...gle.com>
>
> Kernel stack violation when getting unit_descriptor/wb_buf_alloc_units from
> rpmb lun. The reason is the unit descriptor length is different per LU.
>
> The lengh of Normal LU is 45, while the one of rpmb LU is 35.
>
> int ufshcd_read_desc_param(struct ufs_hba *hba, ...)
> {
> param_offset=41;
> param_size=4;
> buff_len=45;
> ...
> buff_len=35 by rpmb LU;
>
> if (is_kmalloc) {
> /* Make sure we don't copy more data than available */
> if (param_offset + param_size > buff_len)
> param_size = buff_len - param_offset;
> --> param_size = 250;
> memcpy(param_read_buf, &desc_buf[param_offset], param_size);
> --> memcpy(param_read_buf, desc_buf+41, 250);
>
> [ 141.868974][ T9174] Kernel panic - not syncing: stack-protector: Kernel
> stack is corrupted in: wb_buf_alloc_units_show+0x11c/0x11c
> }
> }
>
> Signed-off-by: Jaegeuk Kim <jaegeuk@...nel.org>
Reviewed-by: Avri Altman <avri.altman@....com>
Powered by blists - more mailing lists