| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220323154739.GA816@lst.de>
Date: Wed, 23 Mar 2022 16:47:39 +0100
From: Christoph Hellwig <hch@....de>
To: Kees Cook <keescook@...omium.org>
Cc: Christoph Hellwig <hch@....de>,
kernel test robot <oliver.sang@...el.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Bart Van Assche <bvanassche@....org>,
John Garry <john.garry@...wei.com>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
lkp@...el.com, "Matthew Wilcox (Oracle)" <willy@...radead.org>,
linux-mm@...ck.org, linux-hardening@...r.kernel.org
Subject: Re: [scsi] 6aded12b10: kernel_BUG_at_mm/usercopy.c
On Wed, Mar 23, 2022 at 08:40:30AM -0700, Kees Cook wrote:
> Regardless, I'm concerned that disabling PAGESPAN will just uncover
> further checks, though. Where is allocation happening? The check is here:
blk_mq_alloc_rqs, using alloc_pages_node. This hasn't actually changed
with this comment. Just the size of the allocation shrunk, probably
leading to the span of pages.
> I *think* the allocation is happening in scsi_ioctl_reset()? But that's
> a plain kmalloc(), so I'm not sure why PAGESPAN would have tripped...
> are there other allocation paths?
scsi_ioctl_reset is the odd one out and does also allocate a request,
but that request is never used for user copies (and that whole hacky
side path needs to go away, there is a huge series that needs to be
finished to sort this out).
Powered by blists - more mailing lists