lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f1ca3cea-01ae-998a-2aa8-c3e40cf46975@leemhuis.info>
Date:   Fri, 6 Jan 2023 11:57:46 +0100
From:   Thorsten Leemhuis <regressions@...mhuis.info>
To:     Kees Cook <keescook@...omium.org>
Cc:     "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
        linux-bcache@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [regression] BugĀ 216785 - "memcpy: detected field-spanning write..." warnings with bcache #forregzbot

On 06.01.23 07:22, Kees Cook wrote:
> On Thu, Dec 15, 2022 at 08:11:06AM +0100, Thorsten Leemhuis wrote:
>> [Note: this mail contains only information for Linux kernel regression
>> tracking. Mails like these contain '#forregzbot' in the subject to make
>> then easy to spot and filter out. The author also tried to remove most
>> or all individuals from the list of recipients to spare them the hassle.]
>>
>> On 08.12.22 15:53, Thorsten Leemhuis wrote:
>>> https://bugzilla.kernel.org/show_bug.cgi?id=216785 :
>>>
>>>>  Alexandre Pereira 2022-12-07 18:51:55 UTC
>>>>
>>>> Testing linux kernel 6.1-rc8, I have several kernel erros regarding bcache.
>>>>
>>>> For context, I have a bcache configuration that is working without issues on 6.0.x and previous versions.
>>>>
>>>> The errors:
>>>>
>>>> dez 07 18:33:45 stormtrooper kernel: ------------[ cut here ]------------
>>>> dez 07 18:33:45 stormtrooper kernel: memcpy: detected field-spanning write (size 264) of single field "&i->j" at drivers/md/bcache/journal.c:152 (size 240)
>>
>> #regzbot inconclusive: stop tracking field-spanning write warnings, they
>> come from a new security feature
>>
>> https://lore.kernel.org/all/20210727205855.411487-1-keescook@chromium.org/
>>
>> Tracking them would cost time I better spend on more important things
>> for now
> 
> FWIW, I'd find it handy to see these. I've been trying to track and fix
> them. 

In that case I'd suggest: I forward any I see to you, but don't add them
 to the regressions tracked with regzbot.

Does that sound fine for you? Or is there a strong reason why I should
track them? Then they would be in the weekly reports to Linus, but I
wonder if he cares. At least for now now I guess he does not -- at some
later point where of the problems that are still hiding surfaced and
were fixed it might be something different. But then I could start
tracking them.

> To that end, I've just sent out the following patches:

Great!

Ciao, Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ