lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <230c5303-2aed-7c36-3147-2c05361067ef@huawei.com>
Date:   Mon, 7 Nov 2022 10:01:34 +0800
From:   Baokun Li <libaokun1@...wei.com>
To:     Theodore Ts'o <tytso@....edu>, <linux-ext4@...r.kernel.org>
CC:     <lczerner@...hat.com>, <chengzhihao1@...wei.com>,
        <enwlinux@...il.com>, <linux-kernel@...r.kernel.org>,
        <ritesh.list@...il.com>, <stable@...r.kernel.org>,
        <adilger.kernel@...ger.ca>, <yebin10@...wei.com>, <jack@...e.cz>,
        <yi.zhang@...wei.com>, <yukuai3@...wei.com>
Subject: Re: [PATCH v2] ext4: fix use-after-free in ext4_ext_shift_extents

On 2022/9/30 11:19, Theodore Ts'o wrote:
> On Thu, 22 Sep 2022 20:04:34 +0800, Baokun Li wrote:
>> If the starting position of our insert range happens to be in the hole
>> between the two ext4_extent_idx, because the lblk of the ext4_extent in
>> the previous ext4_extent_idx is always less than the start, which leads
>> to the "extent" variable access across the boundary, the following UAF is
>> triggered:
>> ==================================================================
>> BUG: KASAN: use-after-free in ext4_ext_shift_extents+0x257/0x790
>> Read of size 4 at addr ffff88819807a008 by task fallocate/8010
>> CPU: 3 PID: 8010 Comm: fallocate Tainted: G            E     5.10.0+ #492
>> Call Trace:
>>   dump_stack+0x7d/0xa3
>>   print_address_description.constprop.0+0x1e/0x220
>>   kasan_report.cold+0x67/0x7f
>>   ext4_ext_shift_extents+0x257/0x790
>>   ext4_insert_range+0x5b6/0x700
>>   ext4_fallocate+0x39e/0x3d0
>>   vfs_fallocate+0x26f/0x470
>>   ksys_fallocate+0x3a/0x70
>>   __x64_sys_fallocate+0x4f/0x60
>>   do_syscall_64+0x33/0x40
>>   entry_SYSCALL_64_after_hwframe+0x44/0xa9
>> ==================================================================
>>
>> [...]
> Applied, thanks!
>
> [1/1] ext4: fix use-after-free in ext4_ext_shift_extents
>        (no commit info)
>
> Best regards,

Hi Theodore,

Could you tell me why this patch has been applied, but there is no cmmit 
info,

and the patch cannot be found on any branch?

-- 
With Best Regards,
Baokun Li

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ