Re: KASAN: use-after-free Read in __list_add_valid (5)

From: Dmitry Vyukov
Date: Wed Feb 20 2019 - 10:43:02 EST


On Thu, Jul 5, 2018 at 1:26 AM Eric Biggers <ebiggers3@xxxxxxxxx> wrote:
>
> On Tue, May 15, 2018 at 01:49:23PM -0700, Roland Dreier wrote:
> > > Still reproducible on Linus' tree (commit 66e1c94db3cd4e) and on linux-next
> > > (next-20180511). Here's a simplified reproducer:
> >
> > Thanks! That's a fantastic test case.
> >
> > The issue is a race where rdma_listen() sees invalid state in the
> > middle of an rdma_bind_addr() call that will ultimately fail. I'll
> > send a proposed patch shortly.
> >
> > - R.
>
> Ping; there's still no fix merged for this. The reproducer also works as an
> unprivileged user.

I don't see any patch similar to the tested one being merged. But this
stopped happening, so let's do:

#syz fix: ucma: fix a use-after-free in ucma_resolve_ip()