| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGiJo8RrxaUfLhk1LWPk_iDB+XJc0=gMoKXcxAS02qyqHVxJ_Q@mail.gmail.com> Date: Mon, 4 Nov 2024 08:54:27 -0800 From: Daniel Yang <danielyangkang@...il.com> To: Jan Kara <jack@...e.cz> Cc: Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, "open list:FILESYSTEMS (VFS and infrastructure)" <linux-fsdevel@...r.kernel.org>, open list <linux-kernel@...r.kernel.org>, syzbot+d2125fcb6aa8c4276fd2@...kaller.appspotmail.com Subject: Re: [PATCH] fix: general protection fault in iter_file_splice_write > > - pipe_buf_release(pipe, buf); > > + if (buf->ops) > > + pipe_buf_release(pipe, buf); > > Umm, already released pipe buf? How would it get here? If you're talking about the pipe_buf_release before the if statement, that line is a - not a + so I basically just added the if statement before release to check that buf->ops does not get deterrences in pipe_buf_release while null. It's the same two lines as when pipe is released in splice_direct_to_actor. > We have filled the > buffers shortly before so IMHO it indicates some deeper problem. Can you > please explain a bit more? I just worked off of this crash log: https://syzkaller.appspot.com/text?tag=CrashReport&x=16adfaa7980000 If the buffer is filled before, does that mean the issue would be in do_send_file or do_splice_direct?
Powered by blists - more mailing lists