| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 Nov 2015 10:21:50 -0800 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Dmitry Vyukov <dvyukov@...gle.com> Cc: Alexei Starovoitov <ast@...nel.org>, netdev <netdev@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, syzkaller <syzkaller@...glegroups.com>, Kostya Serebryany <kcc@...gle.com>, Alexander Potapenko <glider@...gle.com>, Eric Dumazet <edumazet@...gle.com>, Sasha Levin <sasha.levin@...cle.com>, daniel@...earbox.net Subject: Re: user-controllable kmalloc size in bpf syscall On Sun, Nov 29, 2015 at 02:18:29PM +0100, Dmitry Vyukov wrote: > ca.key_size = 1; > ca.value_size = 0xfffffff9; > ca.max_entries = 10; > int fd = syscall(SYS_bpf, BPF_MAP_CREATE, &ca, sizeof(ca)); ... > ------------[ cut here ]------------ > WARNING: CPU: 2 PID: 11122 at mm/page_alloc.c:2989 > __alloc_pages_nodemask+0x695/0x14e0() thanks for the report. That's an integer overflow :( working on the fix. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists