Re: KASAN: stack-out-of-bounds Write in mpol_to_str

From: Andrew Morton
Date: Sat Mar 21 2020 - 02:45:23 EST


On Fri, 20 Mar 2020 12:36:38 +0400 Entropy Moe <3ntr0py1337@xxxxxxxxx> wrote:

> Hello Randy,
> please see attached POC for the vulnerability.
>

Thanks. Ouch. afaict shmem's S_IFREG inode's mpol's preferred_node is
messed up.

I don't think anyone has worked on this code in a decade or more. Is
someone up to taking a look please?


> On Mon, Mar 16, 2020 at 10:46 PM Randy Dunlap <rdunlap@xxxxxxxxxxxxx> wrote:
>
> > On 3/15/20 12:57 PM, Entropy Moe wrote:
> > > Hello team,
> > > how are you?
> > > I wanted to report a bug on mempolicy.c. I found the bug on the latest version of the kernel.
> > >
> > > which is a stack out-of-bounds vulnerability.
> > >
> > > I am attaching report.
> > >
> > > If you need the POC crash code, I can provide it.
> >
> > Hi Moe,
> >
> > Please post the POC code and your kernel .config file.
> >
> > thanks.
> > --
> > ~Randy
> >
> >