lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250626-hinhalten-behaarten-43b8f306fee0@brauner>
Date: Thu, 26 Jun 2025 10:19:41 +0200
From: Christian Brauner <brauner@...nel.org>
To: Arnd Bergmann <arnd@...db.de>
Cc: Marek Szyprowski <m.szyprowski@...sung.com>, 
	Arnd Bergmann <arnd@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, 
	Jan Kara <jack@...e.cz>, Alexander Mikhalitsyn <alexander@...alicyn.com>, 
	Jann Horn <jannh@...gle.com>, Luca Boccassi <luca.boccassi@...il.com>, 
	Jeff Layton <jlayton@...nel.org>, Roman Kisel <romank@...ux.microsoft.com>, 
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] coredump: reduce stack usage in vfs_coredump()

On Wed, Jun 25, 2025 at 03:29:50PM +0200, Arnd Bergmann wrote:
> On Wed, Jun 25, 2025, at 13:54, Marek Szyprowski wrote:
> > On 25.06.2025 13:41, Marek Szyprowski wrote:
> >>
> >> This change appears in today's linux-next (next-20250625) as commit 
> >> fb82645d3f72 ("coredump: reduce stack usage in vfs_coredump()"). In my 
> >> tests I found that it causes a kernel oops on some of my ARM 32bit 
> >> Exynos based boards. This is really strange, because I don't see any 
> >> obvious problem in this patch. Reverting $subject on top of linux-next 
> >> hides/fixes the oops. I suspect some kind of use-after-free issue, but 
> >> I cannot point anything related. Here is the kernel log from one of 
> >> the affected boards (I've intentionally kept the register and stack 
> >> dumps):
> >
> > I've just checked once again and found the source of the issue. 
> > vfs_coredump() calls coredump_cleanup(), which calls coredump_finish(), 
> > which performs the following dereference:
> >
> > next = current->signal->core_state->dumper.next
> >
> > of the core_state assigned in zap_threads() called from coredump_wait(). 
> > It looks that core_state cannot be moved into coredump_wait() without 
> > refactoring/cleaning this first.
> 
> Thanks for the analysis, I agree that this can't work and my patch
> just needs to be dropped. The 'noinline_for_stack' change on
> its own is probably sufficient to avoid the warning, and I can
> respin a new version after more build testing.

@Arnd, I've dropped the previous patch. I'll wait for you to respin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ