lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 13 Jun 2018 13:14:55 +0200
From:   Dmitry Vyukov <>
To:     Sowmini Varadhan <>
Cc:     David Miller <>,
        netdev <>,,
        Santosh Shilimkar <>,
        Tetsuo Handa <>
Subject: Re: KASAN: out-of-bounds Read in rds_cong_queue_updates (2)

On Wed, Jun 13, 2018 at 12:19 PM, Sowmini Varadhan
<> wrote:
> On (06/13/18 09:52), Dmitry Vyukov wrote:
>> I think this is:
>> #syz dup: KASAN: use-after-free Read in rds_cong_queue_updates
> Indeed. We'd had a discussion about getting a dump of threads
> using sysrq (or similar), given the challenges around actually
> getting a crash dump, is that now possible? That will certainly help.

Still no automation around it.

But you can add thread dump on panic locally.

This is a common pattern recently that kernel does not provide enough
information for debugging on bugs. +Testuo
Since we panic on all kernel bugs, perhaps it's panic's work to dump
as much info as possible.

> another missing bit is that we still need the sychronize_net()
> in rds_release(). I realize synchronize_net() is sub-optimal for perf,
> but leaving this existing hole where races can occur in unexpected
> manifestations is not ideal either.
> (See for earlier
> discussion thread)

Powered by blists - more mailing lists