lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ef445202-400b-ec2e-727a-306d5fd9350d@kernel.dk>
Date:   Thu, 16 Mar 2023 13:25:19 -0600
From:   Jens Axboe <axboe@...nel.dk>
To:     Fedor Pchelkin <pchelkin@...ras.ru>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     stable@...r.kernel.org, linux-kernel@...r.kernel.org,
        Alexey Khoroshilov <khoroshilov@...ras.ru>,
        lvc-project@...uxtesting.org
Subject: Re: [PATCH 5.10/5.15] io_uring: avoid null-ptr-deref in
 io_arm_poll_handler

On 3/16/23 1:22 PM, Fedor Pchelkin wrote:
> On Thu, Mar 16, 2023 at 08:04:24PM +0100, Greg Kroah-Hartman wrote:
>>
>> How can you trigger a GFP_ATOMIC memory failure?  If you do, worse
>> things are about to happen to your system, right?
>>
>> thanks,
>>
>> greg k-h
> 
> Well, Syzkaller triggers them with fail slab, and that is more for
> debugging purposes to detect improper handling of error paths.
> 
> I agree that if GFP_ATOMIC memory allocation fails then the system is in
> more trouble. Do you mean this is the point not to backport it? Now I'm
> actually not quite sure about this... It's not clear to me whether such
> things should be backported: on one hand, it is a bug which can actually
> occur (yes, in very bad situation), on the other - the whole system is not
> good anyway.

I agree with both of you - the likelihood of this happening outside of
synthetic error injection is very small, and if it does, the system has
probably gone to shit anyway.

On the other hand, this does bring the code in line with what upstream
is doing, and I think it's worth adding for that reason alone.

-- 
Jens Axboe


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ