lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2023051550-monotone-obliged-c1fb@gregkh>
Date:   Mon, 15 May 2023 13:57:20 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Qiumiao Zhang <zhangqiumiao1@...wei.com>
Cc:     andriy.shevchenko@...ux.intel.com, fengtao40@...wei.com,
        jirislaby@...nel.org, linux-kernel@...r.kernel.org,
        yanan@...wei.com, ilpo.jarvinen@...ux.intel.com
Subject: Re: Re: KASAN: soft lockup in paste_selection

On Mon, May 15, 2023 at 03:26:29PM +0800, Qiumiao Zhang wrote:
> On Fri, May 12, 2023 at 11:33:26AM +0000, gregkh wrote:
> >> Hello,
> >> 
> >> We found the following issue using syzkaller on Linux v5.10.0.
> > 
> > 5.10.0 is very old and obsolete and over 20 thousand patches old.
> > Please, if you are testing LTS kernels, use the latest one.
> > 
> >> A similar issue was found in function `paste_selection` before and I 
> >> believe they are the same.
> >> (https://lore.kernel.org/all/000000000000fe769905d315a1b7@google.com/)
> >> 
> >> Unfortunately, no one seems to be paying attention to this issue.
> > 
> > Do you have a proposed patch for this fix now that you have a way to reproduce this?  Do you see this in real situations or only in > fault-injection systems running syzbot?
> > 
> > And can you reproduce this on 6.4-rc1?  Do you have a reproducer?
> > 
> > thanks,
> > 
> > greg k-h
> 
> I see this issue only in fault-injection systems running syzbot. And I can reproduce this on 6.4-rc1.

fault-injection systems are "fake" and for many issues in the
tty/console layer, we really do not care about them as they the failures
can never be triggered in real life.

Are you sure this is not such a issue?

Try to fix this up by adding the needed "error handling" to the place
where the fault injection was causing the failure, and see if that
really is realistic or not.

good luck!

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ