lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7e3278d0-032c-447a-a4f4-0a34a09541f1@huawei.com>
Date: Thu, 18 Dec 2025 09:49:31 +0800
From: Baokun Li <libaokun1@...wei.com>
To: 余昊铖 <3230100410@....edu.cn>
CC: <security@...nel.org>, <linux-ext4@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ext4: Fix KASAN use-after-free in ext4_find_extent

On 2025-12-17 23:22, 余昊铖 wrote:
> Hi,
>
> Sorry but I am a bit confused by your words. My original fuzz tesing already enabled CONFIG_BLK_DEV_WRITE_MOUNTED as in most major Linux distributions. 
>
> So does a bug found when CONFIG_BLK_DEV_WRITE_MOUNTED is enabled still hold value for reporting? Should I enable or disable this configuration in my future fuzzing work?

Oh, my apologies—I mistakenly wrote "enable" instead of "disable" which
must have been confusing.

Distributions typically enable this config because some userspace tools
still rely on writing directly to the raw disk. Once all userspace tools
transition to using ioctls, we will be able to disable it globally or
specifically for certain filesystems in distributions.

However, during testing, this feature is often disabled to avoid false
positives by prohibiting raw writes that bypass the filesystem.

You can find more details in the original patchset if you're interested:
https://lore.kernel.org/all/20231101173542.23597-1-jack@suse.cz


Cheers,
Baokun

>
> Thanks,
> Haocheng Yu
>
>>> Hi,
>>>
>>> I have disabled CONFIG_BLK_DEV_WRITE_MOUNTED and spent some time trying to trigger the reported KASAN issues. And I found neither of the two bugs has been observed since. Is this issue still worth investigating?
>> That essentially confirms the issue is caused by bypassing the
>> filesystem to write directly to the raw disk. This is a known
>> issue and is quite tricky to solve.
>>
>> You can work around this specific class of issues in your fuzz
>> testing by enabling CONFIG_BLK_DEV_WRITE_MOUNTED. Syzbot runs
>> with this configuration enabled by default.
>>
>>
>> Cheers,
>> Baokun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ