On Sun, Feb 04, 2018 at 12:10:58PM +0100, Dmitry Vyukov wrote:
> >
> > To get memory corruption it's actually sufficient just to submit "1-byte"
> > reads;
> > there's no need for the SG_NEXT_CMD_LEN ioctl or anything:
> >
> > #include
> > #include
> >
> > int main()
> >
On Sun, Feb 4, 2018 at 10:07 AM, Eric Biggers wrote:
> On Thu, Feb 01, 2018 at 05:21:12PM +0100, 'Dmitry Vyukov' via syzkaller wrote:
>> On Thu, Feb 1, 2018 at 5:17 PM, Ben Hutchings
>> wrote:
>> > On Thu, 2018-02-01 at 08:04 +0100, Dmitry Vyukov wrote:
>> >> On Thu, Feb 1, 2018 at 7:03 AM, Dougl
On Thu, Feb 01, 2018 at 05:21:12PM +0100, 'Dmitry Vyukov' via syzkaller wrote:
> On Thu, Feb 1, 2018 at 5:17 PM, Ben Hutchings
> wrote:
> > On Thu, 2018-02-01 at 08:04 +0100, Dmitry Vyukov wrote:
> >> On Thu, Feb 1, 2018 at 7:03 AM, Douglas Gilbert
> >> wrote:
> >> > On 2018-01-30 07:22 AM, Dmit
On Thu, Feb 1, 2018 at 5:17 PM, Ben Hutchings
wrote:
> On Thu, 2018-02-01 at 08:04 +0100, Dmitry Vyukov wrote:
>> On Thu, Feb 1, 2018 at 7:03 AM, Douglas Gilbert
>> wrote:
>> > On 2018-01-30 07:22 AM, Dmitry Vyukov wrote:
> [...]
>> > > [1:0:0:0]cd/dvd QEMU QEMU DVD-ROM 2.0. /dev/s
On Thu, 2018-02-01 at 08:04 +0100, Dmitry Vyukov wrote:
> On Thu, Feb 1, 2018 at 7:03 AM, Douglas Gilbert wrote:
> > On 2018-01-30 07:22 AM, Dmitry Vyukov wrote:
[...]
> > > [1:0:0:0]cd/dvd QEMU QEMU DVD-ROM 2.0. /dev/sr0 /dev/sg1
> > >
> > > # readlink /sys/class/scsi_generic/sg0
On Thu, Feb 1, 2018 at 7:03 AM, Douglas Gilbert wrote:
> On 2018-01-30 07:22 AM, Dmitry Vyukov wrote:
>>
>> Uh, I've answered this a week ago, but did not notice that Doug
>> dropped everybody from CC. Reporting to all.
>>
>> On Mon, Jan 22, 2018 at 8:16 PM, Douglas Gilbert
>> wrote:
>>>
>>> On 2
On 2018-01-30 07:22 AM, Dmitry Vyukov wrote:
Uh, I've answered this a week ago, but did not notice that Doug
dropped everybody from CC. Reporting to all.
On Mon, Jan 22, 2018 at 8:16 PM, Douglas Gilbert wrote:
On 2018-01-22 02:06 PM, Dmitry Vyukov wrote:
On Mon, Jan 22, 2018 at 7:57 PM, Doug
On Mon, 2018-01-22 at 20:06 +0100, Dmitry Vyukov wrote:
> On Mon, Jan 22, 2018 at 7:57 PM, Douglas Gilbert
> wrote:
> > As far as I remember, Dmitry has not indicated in multiple reports
> > over several years what /dev/sg0 is.
>
> That's because I know nothing about sg. If you give a command to
On Mon, Jan 22, 2018 at 7:57 PM, Douglas Gilbert wrote:
> On 2018-01-22 11:30 AM, Bart Van Assche wrote:
>>
>> On Mon, 2018-01-22 at 12:06 +0100, Dmitry Vyukov wrote:
>>>
>>> general protection fault: [#1] SMP KASAN
>>
>>
>> How about the untested patch below?
>>
>> Thanks,
>>
>> Bart.
>>
>>
On 2018-01-22 11:30 AM, Bart Van Assche wrote:
On Mon, 2018-01-22 at 12:06 +0100, Dmitry Vyukov wrote:
general protection fault: [#1] SMP KASAN
How about the untested patch below?
Thanks,
Bart.
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index cd9b6ebd7257..04a644b39d79 100644
On Mon, 2018-01-22 at 12:06 +0100, Dmitry Vyukov wrote:
> general protection fault: [#1] SMP KASAN
How about the untested patch below?
Thanks,
Bart.
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index cd9b6ebd7257..04a644b39d79 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@
Hello,
The following program triggers assorted memory corruptions on 4.15-rc9:
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include
#include
#include
#include
#include
#define SG_NEXT_CMD_LEN 0x2283
int main()
{
int fd = open("/dev/sg0", O_RDWR);
long len = 9;
12 matches
Mail list logo
