| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Dec 2022 11:02:57 -0500
From: Waiman Long <longman@...hat.com>
To: Catalin Marinas <catalin.marinas@....com>,
Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Muchun Song <songmuchun@...edance.com>,
Waiman Long <longman@...hat.com>
Subject: [PATCH v2 0/2] mm/kmemleak: Simplify kmemleak_cond_resched() & fix UAF
It was found that a KASAN use-after-free error was reported in the
kmemleak_scan() function. After further examination, it is believe
that even though a reference is taken from the current object, it does
not prevent the object pointed to by the next pointer from going away
after a cond_resched().
To fix that, additional flags are added to make sure that the current
object won't be removed from the object_list during the duration of
the cond_resched() to ensure the validity of the next pointer.
While making the change, I also simplify the current usage of
kmemleak_cond_resched() to make it easier to understand.
Waiman Long (2):
mm/kmemleak: Simplify kmemleak_cond_resched() usage
mm/kmemleak: Fix UAF bug in kmemleak_scan()
[v2: Update patch 2 to prevent object_list removal of current object]
mm/kmemleak.c | 83 +++++++++++++++++++++++++--------------------------
1 file changed, 41 insertions(+), 42 deletions(-)
--
2.31.1
Powered by blists - more mailing lists