On Tue, 2017-08-01 at 13:50 -0400, da...@codemonkey.org.uk wrote:
> On Tue, Aug 01, 2017 at 10:20:31AM -0700, Linus Torvalds wrote:
>
> > So I think the 'pathname' part may actually be entirely a red
> herring,
> > and it's the underlying access itself that just picks up a random
> > pointer fr
On Tue, Aug 1, 2017 at 10:20 AM, Linus Torvalds
wrote:
>
> So I think the 'pathname' part may actually be entirely a red herring,
> and it's the underlying access itself that just picks up a random
> pointer from a stack that now contains something different. And KASAN
> didn't notice the stale st
On Tue, Aug 01, 2017 at 10:20:31AM -0700, Linus Torvalds wrote:
> So I think the 'pathname' part may actually be entirely a red herring,
> and it's the underlying access itself that just picks up a random
> pointer from a stack that now contains something different. And KASAN
> didn't notice t
On Tue, 2017-08-01 at 10:20 -0700, Linus Torvalds wrote:
> On Tue, Aug 1, 2017 at 8:51 AM, da...@codemonkey.org.uk
> wrote:
> > On Mon, Jul 31, 2017 at 10:35:45PM -0700, Linus Torvalds wrote:
> > > Any chance of getting the output from
> > >
> > > ./scripts/faddr2line vmlinux
> > nfs4_exchan
On Tue, Aug 1, 2017 at 8:51 AM, da...@codemonkey.org.uk
wrote:
> On Mon, Jul 31, 2017 at 10:35:45PM -0700, Linus Torvalds wrote:
> > Any chance of getting the output from
> >
> > ./scripts/faddr2line vmlinux nfs4_exchange_id_done+0x3d7/0x8e0
>
>
> Hm, that points to this..
>
> 7463
On Mon, Jul 31, 2017 at 10:35:45PM -0700, Linus Torvalds wrote:
> On Mon, Jul 31, 2017 at 8:43 AM, da...@codemonkey.org.uk
> wrote:
> > Another NFSv4 KASAN splat, this time from rc3.
> >
> > BUG: KASAN: use-after-free in nfs4_exchange_id_done+0x3d7/0x8e0 [nfsv4]
>
> Ugh. It's really hard t
On Mon, Jul 31, 2017 at 8:43 AM, da...@codemonkey.org.uk
wrote:
> Another NFSv4 KASAN splat, this time from rc3.
>
> BUG: KASAN: use-after-free in nfs4_exchange_id_done+0x3d7/0x8e0 [nfsv4]
Ugh. It's really hard to tell what access that is - KASAN doesn't
actually give enough information. There's
Another NFSv4 KASAN splat, this time from rc3.
==
BUG: KASAN: use-after-free in nfs4_exchange_id_done+0x3d7/0x8e0 [nfsv4]
Read of size 8 at addr 8804508af528 by task kworker/2:1/34
CPU: 2 PID: 34 Comm: kworker/2:1 Not tainted 4.
On Sun, Jul 16, 2017 at 8:05 PM, da...@codemonkey.org.uk
wrote:
> On Sun, Jul 16, 2017 at 10:57:27PM +, Trond Myklebust wrote:
>
> > > BUG: KASAN: global-out-of-bounds in call_start+0x93/0x100
> > > Read of size 8 at addr 8d582588 by task kworker/0:1/22
> >
> > Does the following p
On Sun, Jul 16, 2017 at 10:57:27PM +, Trond Myklebust wrote:
> > BUG: KASAN: global-out-of-bounds in call_start+0x93/0x100
> > Read of size 8 at addr 8d582588 by task kworker/0:1/22
>
> Does the following patch fix it?
Yep, seems to do the trick!
Dave
Hi Dave,
On Sun, 2017-07-16 at 17:15 -0400, Dave Jones wrote:
> On Fri, Jul 14, 2017 at 10:25:43AM -0400, Dave Jones wrote:
> > On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
> > > Hi Linus,
> > >
> > > The following changes since commit
> 32c1431eea4881a6b17bd7c639315010a
On Fri, Jul 14, 2017 at 10:25:43AM -0400, Dave Jones wrote:
> On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
> > Hi Linus,
> >
> > The following changes since commit
> 32c1431eea4881a6b17bd7c639315010aeefa452:
> >
> > Linux 4.12-rc5 (2017-06-11 16:48:20 -0700)
>
> I find "hardening" code that adds bugs to be particularly bad and
> ugly, the same way that I absolutely *hate* debugging code that turns
> out to make debugging impossible (we had that with the "better" stack
> tracing code that caused kernel panics to kill the machine entirely
> rather than sho
> The reason q_size isn't used is because it doesn't yet prevent read
> overflow. The commit message mentions that among the current
> limitations
> along with __builtin_object_size(ptr, 1).
Er rather, in strlcat, the q_size is unused after the fast path is
because strnlen obtains the constant aga
On Fri, 2017-07-14 at 13:50 -0700, Linus Torvalds wrote:
> On Fri, Jul 14, 2017 at 1:38 PM, Daniel Micay
> wrote:
> >
> > If strscpy treats the count parameter as a *guarantee* of the dest
> > size
> > rather than a limit,
>
> No, it's a *limit*.
>
> And by a *limit*, I mean that we know that w
> My initial patch used strlcpy there, because I wasn't aware of strscpy
> before it was suggested:
>
> http://www.openwall.com/lists/kernel-hardening/2017/05/04/11
>
> I was wrong to move it to strscpy. It could be switched back to
> strlcpy
> again unless the kernel considers the count paramete
On Fri, Jul 14, 2017 at 1:38 PM, Daniel Micay wrote:
>
> If strscpy treats the count parameter as a *guarantee* of the dest size
> rather than a limit,
No, it's a *limit*.
And by a *limit*, I mean that we know that we can access both source
and destination within that limit.
> My initial patch
On Fri, 2017-07-14 at 12:58 -0700, Linus Torvalds wrote:
> On Fri, Jul 14, 2017 at 12:43 PM, Andrey Ryabinin
> wrote:
> >
> > > yet when I look at the generated code for __ip_map_lookup, I see
> > >
> > >     movl    $32, %edx       #,
> > >     movq    %r13, %rsi      # class,
> > >
On 07/14/2017 10:58 PM, Linus Torvalds wrote:
> On Fri, Jul 14, 2017 at 12:43 PM, Andrey Ryabinin
> wrote:
>>
>>> yet when I look at the generated code for __ip_map_lookup, I see
>>>
>>>     movl    $32, %edx       #,
>>>     movq    %r13, %rsi      # class,
>>>     leaq    48(%rax), %r
On Fri, Jul 14, 2017 at 12:43 PM, Andrey Ryabinin
wrote:
>
>> yet when I look at the generated code for __ip_map_lookup, I see
>>
>>     movl    $32, %edx       #,
>>     movq    %r13, %rsi      # class,
>>     leaq    48(%rax), %rdi  #, tmp126
>>     call    strscpy #
>>
>> what's the
On Fri, Jul 14, 2017 at 12:05:02PM -0700, Linus Torvalds wrote:
> On Fri, Jul 14, 2017 at 7:25 AM, Dave Jones wrote:
> > On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
> > >
> > > git://git.linux-nfs.org/projects/anna/linux-nfs.git
> > tags/nfs-for-4.13-1
> >
> > Since
On 07/14/2017 10:05 PM, Linus Torvalds wrote:
> On Fri, Jul 14, 2017 at 7:25 AM, Dave Jones wrote:
>> On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
>> >
>> > git://git.linux-nfs.org/projects/anna/linux-nfs.git tags/nfs-for-4.13-1
>>
>> Since this landed, I'm seeing this dur
On Fri, Jul 14, 2017 at 7:25 AM, Dave Jones wrote:
> On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
> >
> > git://git.linux-nfs.org/projects/anna/linux-nfs.git tags/nfs-for-4.13-1
>
> Since this landed, I'm seeing this during boot..
>
> ===
On Fri, Jul 14, 2017 at 10:25:43AM -0400, Dave Jones wrote:
> On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
> > Hi Linus,
> >
> > The following changes since commit
> 32c1431eea4881a6b17bd7c639315010aeefa452:
> >
> > Linux 4.12-rc5 (2017-06-11 16:48:20 -0700)
> >
> >
On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
> Hi Linus,
>
> The following changes since commit 32c1431eea4881a6b17bd7c639315010aeefa452:
>
> Linux 4.12-rc5 (2017-06-11 16:48:20 -0700)
>
> are available in the git repository at:
>
> git://git.linux-nfs.org/projec
On 07/14/2017 03:09 AM, Christoph Hellwig wrote:
> On Thu, Jul 13, 2017 at 02:43:14PM -0700, Linus Torvalds wrote:
>> On Thu, Jul 13, 2017 at 2:16 PM, Anna Schumaker
>> wrote:
>>>
>>> git://git.linux-nfs.org/projects/anna/linux-nfs.git tags/nfs-for-4.13-1
>>
>> Btw, your key seems to have expi
On Thu, Jul 13, 2017 at 02:43:14PM -0700, Linus Torvalds wrote:
> On Thu, Jul 13, 2017 at 2:16 PM, Anna Schumaker
> wrote:
> >
> > git://git.linux-nfs.org/projects/anna/linux-nfs.git tags/nfs-for-4.13-1
>
> Btw, your key seems to have expired, and doing a refresh on it doesn't fix it.
>
> I'm
On Thu, Jul 13, 2017 at 2:16 PM, Anna Schumaker
wrote:
>
> git://git.linux-nfs.org/projects/anna/linux-nfs.git tags/nfs-for-4.13-1
Btw, your key seems to have expired, and doing a refresh on it doesn't fix it.
I'm sure you've refreshed your key, but apparently that refresh hasn't
been percolat
Hi Linus,
The following changes since commit 32c1431eea4881a6b17bd7c639315010aeefa452:
Linux 4.12-rc5 (2017-06-11 16:48:20 -0700)
are available in the git repository at:
git://git.linux-nfs.org/projects/anna/linux-nfs.git tags/nfs-for-4.13-1
for you to fetch changes up to b4f937cffa66b3d56
29 matches