Re: KASAN: slab-out-of-bounds Write in tty_insert_flip_string_fixed_flag

From: Greg KH
Date: Thu Apr 19 2018 - 04:17:46 EST

Next message: Neil Armstrong: "Re: [PATCH] drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs"
Previous message: Thomas Gleixner: "Re: [patch 5/8] rslib: Split rs control struct"
In reply to: DaeRyong Jeong: "KASAN: slab-out-of-bounds Write in tty_insert_flip_string_fixed_flag"
Next in thread: DaeRyong Jeong: "Re: KASAN: slab-out-of-bounds Write in tty_insert_flip_string_fixed_flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 19, 2018 at 05:09:16PM +0900, DaeRyong Jeong wrote:
> We report the crash:
> KASAN: slab-out-of-bounds Write in tty_insert_flip_string_fixed_flag
>
> This crash has been found in v4.16 using RaceFuzzer (a modified
> version of Syzkaller), which we describe more at the end of this
> report. Our analysis shows that the race occurs when invoking two
> syscalls concurrently, ioctl$TCXONC(r0, 0x540a, 0x2) and
> ioctl$TCXONC(r0, 0x540a, 0x1).

Nice!

Do you have a kernel patch to resolve this issue?

thanks,

greg k-h

Next message: Neil Armstrong: "Re: [PATCH] drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs"
Previous message: Thomas Gleixner: "Re: [patch 5/8] rslib: Split rs control struct"
In reply to: DaeRyong Jeong: "KASAN: slab-out-of-bounds Write in tty_insert_flip_string_fixed_flag"
Next in thread: DaeRyong Jeong: "Re: KASAN: slab-out-of-bounds Write in tty_insert_flip_string_fixed_flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]