lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Apr 2022 12:27:15 -0700 From: Tadeusz Struk <tadeusz.struk@...aro.org> To: Andrii Nakryiko <andrii.nakryiko@...il.com> Cc: bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Networking <netdev@...r.kernel.org>, linux- stable <stable@...r.kernel.org>, open list <linux-kernel@...r.kernel.org>, syzbot+f264bffdfbd5614f3bb2@...kaller.appspotmail.com Subject: Re: [PATCH] bpf: Fix KASAN use-after-free Read in compute_effective_progs On 4/13/22 12:07, Andrii Nakryiko wrote: >> it would be ideal if detach would never fail, but it would require some kind of >> prealloc, on attach maybe? Another option would be to minimize the probability > We allocate new arrays in update_effective_progs() under assumption > that we might need to grow the array because we use > update_effective_progs() for attachment. But for detachment we know > that we definitely don't need to increase the size, we need to remove > existing element only, thus shrinking the size. > > Normally we'd reallocate the array to shrink it (and that's why we use > update_effective_progs() and allocate memory), but we can also have a > fallback path for detachment only to reuse existing effective arrays > and just shift all the elements to the right from the element that's > being removed. We'll leave NULL at the end, but that's much better > than error out. Subsequent attachment or detachment will attempt to > properly size and reallocate everything. > > So I think that should be the fix, if you'd be willing to work on it. That makes it much easier then. I will change it so that there is no alloc needed on the detach path. Thanks for the clarification. -- Thanks, Tadeusz
Powered by blists - more mailing lists