lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 20 Jan 2023 08:38:54 -0700
From:   Jens Axboe <axboe@...nel.dk>
To:     Pavel Begunkov <asml.silence@...il.com>,
        Breno Leitao <leitao@...ian.org>, io-uring@...r.kernel.org
Cc:     kasan-dev@...glegroups.com, leit@...com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] io_uring: Enable KASAN for request cache

On 1/20/23 8:09 AM, Pavel Begunkov wrote:
> On 1/18/23 15:56, Breno Leitao wrote:
>> Every io_uring request is represented by struct io_kiocb, which is
>> cached locally by io_uring (not SLAB/SLUB) in the list called
>> submit_state.freelist. This patch simply enabled KASAN for this free
>> list.
>>
>> This list is initially created by KMEM_CACHE, but later, managed by
>> io_uring. This patch basically poisons the objects that are not used
>> (i.e., they are the free list), and unpoisons it when the object is
>> allocated/removed from the list.
>>
>> Touching these poisoned objects while in the freelist will cause a KASAN
>> warning.
> 
> Doesn't apply cleanly to for-6.3/io_uring, but otherwise looks good
> 
> Reviewed-by: Pavel Begunkov <asml.silence@...il.com>

I ran testing on this yesterday and noticed the same thing, just a
trivial fuzz reject. I can fix it up while applying. Thanks for
reviewing!

-- 
Jens Axboe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ