Message-ID: <c2d99ec3-d69e-b47d-45cc-0ad39893afd7@salutedevices.com>
Date: Tue, 11 Feb 2025 19:22:51 +0300
From: Arseniy Krasnov <avkrasnov@...utedevices.com>
To: <hdanton@...a.com>, <linux-bluetooth@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, <luiz.dentz@...il.com>,
	<luiz.von.dentz@...el.com>, <marcel@...tmann.org>, <netdev@...r.kernel.org>
Subject: Re: [DMARC error] Re: [syzbot] [bluetooth?] KASAN:
 slab-use-after-free Read in skb_queue_purge_reason (2)

Maybe my previous version was free of this problem?

https://lore.kernel.org/linux-bluetooth/a1db0c90-1803-e01c-3e23-d18e4343a4eb@salutedevices.com/

Thanks

On 11.02.2025 17:16, Arseniy Krasnov wrote:
> Hi, I guess the problem here is that, if hci_uart_tty_close() is called between
> setting HCI_UART_PROTO_READY and skb_queue_head_init(), mrvl_close() will
> access uninitialized data.
> 
> hci_uart_set_proto() {
>         ...
>         set_bit(HCI_UART_PROTO_READY, &hu->flags);
>                                                    
>         err = hci_uart_register_dev(hu);
>                 mrvl_open()
>                     skb_queue_head_init();
> 
>         if (err) {
>                 return err;
>         }
>         ...
> }
> 
> Thanks
> 
> On 10.02.2025 14:26, syzbot wrote:
>> syzbot has bisected this issue to:
>>
>> commit c411c62cc13319533b1861e00cedc4883c3bc1bb
>> Author: Arseniy Krasnov <avkrasnov@...utedevices.com>
>> Date:   Thu Jan 30 18:43:26 2025 +0000
>>
>>     Bluetooth: hci_uart: fix race during initialization
>>
>> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=116cebdf980000
>> start commit:   40b8e93e17bf Add linux-next specific files for 20250204
>> git tree:       linux-next
>> final oops:     https://syzkaller.appspot.com/x/report.txt?x=136cebdf980000
>> console output: https://syzkaller.appspot.com/x/log.txt?x=156cebdf980000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=ec880188a87c6aad
>> dashboard link: https://syzkaller.appspot.com/bug?extid=683f8cb11b94b1824c77
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10b7eeb0580000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f74f64580000
>>
>> Reported-by: syzbot+683f8cb11b94b1824c77@...kaller.appspotmail.com
>> Fixes: c411c62cc133 ("Bluetooth: hci_uart: fix race during initialization")
>>
>> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
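As an added, stand-alone C model (not code from this thread or from the kernel) of the ordering the quoted message describes: the close path acts on the ready flag, so publishing that flag before the queue is initialised lets a concurrent close reach uninitialised state, while in this model publishing it only after initialisation removes the window. The struct layouts, the race_hook callback and open_with_concurrent_close() are constructed for the example.

```c
#include <stdbool.h>
#include <string.h>
/* Constructed model of the ordering bug in the thread: a READY flag the close
 * path consults, and a queue the open path must initialise. Names mirror the
 * kernel ones, but every structure and function here is stand-alone. */
#define HCI_UART_PROTO_READY 1u
struct queue { bool initialised; int len; };   /* stands in for sk_buff_head */
struct hci_uart { unsigned int flags; struct queue txq; };
static void queue_init(struct queue *q) { q->initialised = true; q->len = 0; }

/* Stand-in for skb_queue_purge(): valid only on an initialised queue. The real
 * kernel would follow garbage list pointers here instead of returning false. */
static bool queue_purge(struct queue *q)
{
    if (!q->initialised)
        return false;
    q->len = 0;
    return true;
}

/* Close path: tears down the protocol queue whenever READY is set. */
static bool hci_uart_tty_close(struct hci_uart *hu)
{
    if (hu->flags & HCI_UART_PROTO_READY)
        return queue_purge(&hu->txq);
    return true;                 /* protocol not ready: nothing to tear down */
}

/* Open path. publish_first reproduces the ordering from the thread (flag set
 * before the queue exists); race_hook models a close racing in that window. */
static bool hci_uart_set_proto(struct hci_uart *hu, bool publish_first,
                               bool (*race_hook)(struct hci_uart *))
{
    bool ok = true;
    if (publish_first)
        hu->flags |= HCI_UART_PROTO_READY;   /* visible before txq is usable */
    if (race_hook)
        ok = race_hook(hu);
    queue_init(&hu->txq);                    /* mrvl_open(): skb_queue_head_init() */
    if (!publish_first)
        hu->flags |= HCI_UART_PROTO_READY;   /* publish only once initialised */
    return ok;
}

/* One open with a close injected at the racy point; false = close reached an
 * uninitialised queue. */
static bool open_with_concurrent_close(bool publish_first)
{
    struct hci_uart hu;
    memset(&hu, 0, sizeof hu);               /* fresh, not-yet-initialised device */
    return hci_uart_set_proto(&hu, publish_first, hci_uart_tty_close);
}
```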
