Re: [syzbot] [mm?] [hardening?] BUG: bad usercopy in do_handle_open
From: Gustavo A. R. Silva
Date: Fri Apr 05 2024 - 14:21:50 EST
usercopy: Kernel memory overwrite attempt detected to SLUB object 'kmalloc-16' (offset 8, size 9)!
We tried to copy 9 bytes into the f_handle[] array.
But from my reading of the reproducer, f_handle.handle_bytes was set to 1.
Aneesh, any thoughts on this?
This was previously reported:
https://lore.kernel.org/linux-nfs/tencent_A7845DD769577306D813742365E976E3A205@xxxxxx/
and it's fixed in linux-next already:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=02426828cde24cd5b6cf5f30467cea085118f657
--
Gustavo