Re: [syzbot] [mm?] [hardening?] BUG: bad usercopy in do_handle_open

From: Gustavo A. R. Silva
Date: Fri Apr 05 2024 - 14:21:50 EST

Next message: Krzysztof Kozlowski: "Re: [RESEND PATCH v9 2/4] dt-bindings: stm32: update DT bingding for stm32mp25"
Previous message: Eric Dumazet: "Re: [PATCH net-next v2] ipvlan: handle NETDEV_DOWN event"
In reply to: Andrew Morton: "Re: [syzbot] [mm?] [hardening?] BUG: bad usercopy in do_handle_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

usercopy: Kernel memory overwrite attempt detected to SLUB object 'kmalloc-16' (offset 8, size 9)!

We tried to copy 9 bytes into the f_handle[] array.

But from my reading of the reproducer, f_handle.handle_bytes was set to 1.

Aneesh, any thoughts on this?

This was previously reported:

https://lore.kernel.org/linux-nfs/tencent_A7845DD769577306D813742365E976E3A205@xxxxxx/

and it's fixed in linux-next already:

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=02426828cde24cd5b6cf5f30467cea085118f657

--
Gustavo

Next message: Krzysztof Kozlowski: "Re: [RESEND PATCH v9 2/4] dt-bindings: stm32: update DT bingding for stm32mp25"
Previous message: Eric Dumazet: "Re: [PATCH net-next v2] ipvlan: handle NETDEV_DOWN event"
In reply to: Andrew Morton: "Re: [syzbot] [mm?] [hardening?] BUG: bad usercopy in do_handle_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]