| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87bkt8ladp.wl-tiwai@suse.de>
Date: Fri, 29 Jul 2022 08:07:46 +0200
From: Takashi Iwai <tiwai@...e.de>
To: Dipanjan Das <mail.dipanjan.das@...il.com>
Cc: Greg KH <gregkh@...uxfoundation.org>, perex@...ex.cz,
tiwai@...e.com, consult.awy@...il.com, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org, syzkaller@...glegroups.com,
fleischermarius@...glemail.com, its.priyanka.bose@...il.com
Subject: Re: KASAN: vmalloc-out-of-bounds Write in snd_pcm_hw_params
On Fri, 29 Jul 2022 01:24:12 +0200,
Dipanjan Das wrote:
>
> On Tue, Jul 26, 2022 at 10:25 PM Takashi Iwai <tiwai@...e.de> wrote:
> >
> > Thanks for the analysis. A good news is that, at least for the
> > vmalloc() case, it's a kind of false-positive; vmalloc() always takes
> > the full pages, so practically seen, the size is page-aligned. It's
> > fooling the memory checker, though.
> >
> > But the similar problem could be seen with genalloc calls, and this
> > was fixed by the upstream commit
> > 5c1733e33c888a3cb7f576564d8ad543d5ad4a9e
> > ALSA: memalloc: Align buffer allocations in page size
> >
> > I suppose you can simply backport this commit to 5.10.y. Could you
> > confirm that this fixes your problem?
>
> We confirm that the patch you proposed fixes the problem (blocks the
> reproducer). How do we proceed with getting the issue fixed? Do we
> send a patch according to the steps detailed here:
> https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html?
Don't worry, Greg already picked up the fix commit :)
thanks,
Takashi
Powered by blists - more mailing lists