Re: KASAN: slab-out-of-bounds Read in handle_vmptrld

From: Paolo Bonzini
Date: Fri Sep 13 2019 - 11:01:29 EST

On 13/09/19 15:02, Greg Kroah-Hartman wrote:
> Look at linux-next, we "should" have fixed up hcd_buffer_alloc() now to
> not need this type of thing. If we got it wrong, please let us know and
> then yes, a fix like this would be most appreciated :)

I still see

	/* some USB hosts just use PIO */
	if (!hcd_uses_dma(hcd)) {
		*dma = ~(dma_addr_t) 0;
		return kmalloc(size, mem_flags);

in linux-next's hcd_buffer_alloc and also in usb.git's usb-next branch.
I also see the same

	if (remap_pfn_range(vma, vma->vm_start,
			    virt_to_phys(usbm->mem) >> PAGE_SHIFT,
			    size, vma->vm_page_prot) < 0) {

in usbdev_mmap. Of course it's possible that I'm looking at the wrong
branch, or just being dense.