lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250527153106.WFmvR15N@linutronix.de>
Date: Tue, 27 May 2025 17:31:06 +0200
From: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To: Peter Zijlstra <peterz@...radead.org>
Cc: syzbot <syzbot+9afaf6749e3a7aa1bdf3@...kaller.appspotmail.com>,
	andrealmeid@...lia.com, dave@...olabs.net, dvhart@...radead.org,
	linux-kernel@...r.kernel.org, mingo@...hat.com,
	syzkaller-bugs@...glegroups.com, tglx@...utronix.de
Subject: Re: [syzbot] [kernel?] KASAN: wild-memory-access Read in
 get_futex_key

On 2025-05-27 16:22:17 [+0200], Peter Zijlstra wrote:
> >  get_futex_key+0x595/0x1540 kernel/futex/core.c:587
> 
> Does the this help?

it avoids boom but reject FUTEX_NO_NODE. What about

diff --git a/kernel/futex/core.c b/kernel/futex/core.c
index 19a2c65f3d373..d0f5645eac61c 100644
--- a/kernel/futex/core.c
+++ b/kernel/futex/core.c
@@ -583,8 +583,9 @@ int get_futex_key(u32 __user *uaddr, unsigned int flags, union futex_key *key,
 		if (futex_get_value(&node, naddr))
 			return -EFAULT;
 
-		if (node != FUTEX_NO_NODE &&
-		    (node >= MAX_NUMNODES || !node_possible(node)))
+		if ((node != FUTEX_NO_NODE) &&
+		    (node < 0 || node > nr_node_ids ||
+		     !node_possible(node)))
 			return -EINVAL;
 	}
 

Sebastian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ