Re: [memdup_user_nul] kernel BUG at mm/slab.c:2735!

From: Al Viro
Date: Tue Dec 29 2015 - 09:57:17 EST


On Tue, Dec 29, 2015 at 02:39:47PM +0000, Al Viro wrote:
> On Tue, Dec 29, 2015 at 08:38:43PM +0800, Fengguang Wu wrote:
> > Hi Al,
> >
> > It looks this patch has various impacts. Here are some more bug messages.
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git work.misc
> >
> > commit c7af9d5728bed29ef614324e67e066896d087c8f
>
> The version in vfs.git has been ad8e00e50cbda2ce3831a4badc239ad014eec69 for
> a couple of days already...

FWIW, the difference (and the source of those bugs) is that the earlier
variant had missed the fact that the value of kbuf gets modified between the
allocation and the freeing, so it ended up doing kfree() on the tail of the
kmalloced buffer.
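The bug described in the message, as an added userspace illustration (not code from this thread or from vfs.git): a buffer obtained from an allocator is walked by advancing the same pointer that will later be passed to the free routine, so the free lands on an interior address. In the kernel that is kfree() on the tail of a memdup_user_nul() buffer and the slab code's sanity check reports it; here malloc()/free() and strsep() stand in for kmalloc()/kfree() and the kernel's own parsing. The names dup_nul(), parse_and_free() and dup_nul_len() are assumptions made for this example.

```c
#define _DEFAULT_SOURCE   /* strsep() is a BSD/POSIX extension in glibc */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Userspace stand-in for memdup_user_nul(): copy len bytes and append a NUL.
 * Assumption: the kernel version copies from a __user pointer; here the
 * source is an ordinary buffer.
 */
static char *dup_nul(const char *src, size_t len)
{
	char *p = malloc(len + 1);

	if (!p)
		return NULL;
	memcpy(p, src, len);
	p[len] = '\0';
	return p;
}

/* Helper for checking dup_nul(): length of the copy, then release it. */
int dup_nul_len(const char *src, size_t len)
{
	char *p = dup_nul(src, len);
	int n;

	if (!p)
		return -1;
	n = (int)strlen(p);
	free(p);
	return n;
}

/*
 * The broken shape the message describes, kept only as a comment because
 * free() on an interior pointer is undefined behaviour in userspace and a
 * slab BUG in the kernel:
 *
 *	kbuf = dup_nul(user_data, len);
 *	while ((tok = strsep(&kbuf, " \t\n")) != NULL)	// kbuf is advanced
 *		...
 *	free(kbuf);		// kbuf is now NULL or points into the buffer
 *
 * Correct shape: keep the allocation base in kbuf, walk the buffer with a
 * separate cursor, and free the base. Returns the number of non-empty
 * whitespace-separated tokens, or -1 on allocation failure.
 */
int parse_and_free(const char *user_data, size_t len)
{
	char *kbuf = dup_nul(user_data, len);
	char *cursor = kbuf;	/* only this pointer is modified by strsep() */
	char *tok;
	int n = 0;

	if (!kbuf)
		return -1;
	while ((tok = strsep(&cursor, " \t\n")) != NULL) {
		if (*tok)
			n++;
	}
	free(kbuf);		/* the pointer the allocator handed out */
	return n;
}

int main(void)
{
	const char input[] = "set mode 3";	/* constructed sample input */

	printf("%d tokens\n", parse_and_free(input, sizeof(input) - 1));
	return 0;
}
```

The rule it demonstrates is the one the message states: whatever the parsing loop does to its cursor, the pointer passed to kfree() must be the value kmalloc() (or memdup_user_nul()) returned.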