ed by ovl_create() to lookup_open(), which casts it to
> > an invalid dentry pointer, that can be further read or written by the
> > lookup_open() callers.
> >
> > Signed-off-by: Alexander Potapenko
> > Cc: Kees Cook
> > Cc: Roy Yang
> > Cc: # 4.1
>
ituation...
>
> Folks, could you test the following?
>
> copy_xstate_to_kernel(): don't leave parts of destination uninitialized
>
> copy the corresponding pieces of init_fpstate into the gaps instead.
>
> Signed-off-by: Al Viro
Tested-by: Alexander Potapenko
> ---
&
_media(struct us_data *us)
> static int alauda_check_media(struct us_data *us)
> {
> struct alauda_info *info = (struct alauda_info *) us->extra;
> - unsigned char status[2];
> + unsigned char *status = us->iobuf;
> int rc;
>
> rc
;);
> return -ENOMEM;
> }
> - gspca_dev->usb_buf = kmalloc(USB_BUF_SZ, GFP_KERNEL);
> + gspca_dev->usb_buf = kmalloc(USB_BUF_SZ, GFP_KERNEL|__GFP_ZERO);
How about calling kzalloc() then?
> if (!gspca_dev->usb_buf) {
> pr_err("out of memory\n");
> ret = -ENOMEM;
> --
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/20190608054928.4792-1-hdanton%40sina.com.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
gt; > > or another value in the chain.
> > >
> > > Reported-by: kernel test robot
> > > Signed-off-by: Laura Abbott
> >
> > Fixes: 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and
> > init_on_free=1 boot options")
>
> Reviewed-by:
1447,10 @@ static inline bool slab_free_freelist_hook(struct
> kmem_cache *s,
> : 0;
> memset((char *)object + s->inuse, 0,
>s->size - s->inuse - rsize);
> - set_freepointer(s, object, next);
> + set_freepointer(s, object, p);
> + p = object;
> } while (object != old_tail);
> + }
>
> /*
>* Compiler cannot detect this function can be removed if slab_free_hook()
>
This one looks good, care to send a patch? Otherwise I can do that for you.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
On Tue, Jul 30, 2019 at 9:54 PM Linus Torvalds
wrote:
>
> On Tue, Jul 30, 2019 at 6:53 AM Alexander Potapenko wrote:
> >
> > I wonder how hard it should be to make a zero-filling GCC plugin?
> > I'm not a big fan of hacking GCC, but it shouldn't differ much from
>
ng
the full graphical stack are a lot more interesting.
Those often have big variance though, and are very specific to the
particular system.
Alex
> https://git.kernel.org/linus/81a56f6dcd20
>
> --
> Kees Cook
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
kmalloc() shouldn't sleep while in RCU critical section, therefore
use GFP_ATOMIC instead of GFP_KERNEL.
The bug has been spotted by the 0day kernel testing robot.
Fixes: 7e659650cbda ("lib: introduce test_meminit module")
Signed-off-by: Alexander Potapenko
Cc: Kees Cook
Cc: Andrew
On Mon, Jul 22, 2019 at 4:26 PM Arnd Bergmann wrote:
>
> On Mon, Jul 22, 2019 at 3:43 PM Alexander Potapenko wrote:
> > On Mon, Jul 22, 2019 at 1:41 PM Arnd Bergmann wrote:
> > >
> > > KASAN_STACK is currently implied by KASAN on gcc, but could be made a
> >
therwise be optimized out, so combining
> + this with CONFIG_KASAN_STACK can lead to a stack overflow
> + and is disallowed.
> +
> config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
> bool "zero-init anything passed by reference (very strong)&
Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/2019070
goes together with Alexander's series.
Am I understanding right this is already covered by Kees having sent
his patch to -mm tree and I don't need to explicitly include it into
my series?
> Acked-by: Catalin Marinas
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
spotmail.com
> Suggested-by: Alexander Potapenko
> Signed-off-by: Paolo Bonzini
Acked-by: Alexander Potapenko
> ---
> arch/x86/kvm/x86.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 83aefd7598
Hi Haozhong, Paolo,
KMSAN bot is hitting this warning every now and then.
Is it possible to replace it with a pr_warn()?
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und
size", not object_size.)
> >
>
> I suppose Alexander is going to revise the series anyway, so he can probably
> take care of the issue here in the new version as well. Something like this,
>
> memset(object, 0, s->object_size);
> memset(object, 0, s->size - s->
On Fri, Jun 21, 2019 at 4:56 PM Qian Cai wrote:
>
> On Fri, 2019-06-21 at 16:37 +0200, Alexander Potapenko wrote:
> > On Fri, Jun 21, 2019 at 2:26 PM Qian Cai wrote:
> > >
> > > On Fri, 2019-06-21 at 12:39 +0200, Alexander Potapenko wrote:
> > > > On Fri
On Fri, Jun 21, 2019 at 2:26 PM Qian Cai wrote:
>
> On Fri, 2019-06-21 at 12:39 +0200, Alexander Potapenko wrote:
> > On Fri, Jun 21, 2019 at 3:01 AM Kees Cook wrote:
> > >
> > > On Thu, Jun 20, 2019 at 04:46:06PM -0400, Qian Cai wrote:
> > > > The
_poison_pages(page, 1 << order, 0);
> > if (want_init_on_free())
> > kernel_init_free_pages(page, 1 << order);
> > +
> > + kernel_poison_pages(page, 1 << order, 0);
> > if (debug_pagealloc_enabled())
> > kernel_m
> + false);
> + if (buf_copy) {
> + fail |= (bool)memcmp(buf, buf_copy, size);
> + kfree(buf_copy);
> }
> + rcu_read_unlock();
> }
> kmem_cache_destroy(c);
>
> --
> 2.20.0
>
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
=
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkal...@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsm
__kasan_unpoison_stack() and __asan_allocas_unpoison()).
So maybe this BUILD_BUG_ON can be added in a separate patch as it's
not specific to what Marco is doing here?
>
> --
> You received this message because you are subscribed to the Google Groups
> "kasan-dev" group.
&
isit
> https://groups.google.com/d/msgid/syzkaller-bugs/2b0b9d18-6773-f2dc-ecb2-9f8782d0962a%40i-love.sakura.ne.jp.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
From: Alexander Potapenko
Date: Wed, Jan 2, 2019 at 11:09 AM
To: Jens Axboe
Cc: Andrew Morton, ,
, Andi Kleen, ,
, LKML, Linux Memory Management List,
, ,
> On Wed, Dec 19, 2018 at 2:23 PM Jens Axboe wrote:
> >
> > On 12/19/18 3:23 AM, Alexander Potapenko wrote:
> > &
ized locals are left intact.
>
> This patch uses only the "pattern" mode when CONFIG_INIT_STACK_ALL is
> enabled.
>
> Developers have the possibility to opt-out of this feature on a
> per-variable basis by using __attribute__((uninitialized)), but such
> use should be
On Wed, Apr 10, 2019 at 1:06 PM Thomas Gleixner wrote:
>
> No more users of the struct stack_trace based interfaces.
>
> Signed-off-by: Thomas Gleixner
Acked-by: Alexander Potapenko
> ---
> include/linux/stackdepot.h |4
> lib/stackdepot.c | 20
f-by: Thomas Gleixner
Acked-by: Alexander Potapenko
> ---
> include/linux/stackdepot.h |4 ++
> lib/stackdepot.c | 66
> -
> 2 files changed, 51 insertions(+), 19 deletions(-)
>
> --- a/include/linux/stackdepot.h
>
Commit-ID: 5b77e95dd7790ff6c8fbf1cd8d0104ebed818a03
Gitweb: https://git.kernel.org/tip/5b77e95dd7790ff6c8fbf1cd8d0104ebed818a03
Author: Alexander Potapenko
AuthorDate: Tue, 2 Apr 2019 13:28:13 +0200
Committer: Ingo Molnar
CommitDate: Sat, 6 Apr 2019 09:52:02 +0200
x86/asm: Use
On Fri, Apr 5, 2019 at 11:39 AM Ingo Molnar wrote:
>
>
> * Alexander Potapenko wrote:
>
> > 1. Use memory clobber in bitops that touch arbitrary memory
> >
> > Certain bit operations that read/write bits take a base pointer and an
> > arbitrarily larg
On Tue, Apr 2, 2019 at 2:35 PM Alexander Potapenko wrote:
>
> On Tue, Apr 2, 2019 at 1:44 PM David Laight wrote:
> >
> > From: Alexander Potapenko
> > > Sent: 02 April 2019 12:28
> > >
> > > 1. Use memory clobber in bitops that touch arbitrary memory
On Tue, Apr 2, 2019 at 1:44 PM David Laight wrote:
>
> From: Alexander Potapenko
> > Sent: 02 April 2019 12:28
> >
> > 1. Use memory clobber in bitops that touch arbitrary memory
> >
> > Certain bit operations that read/write bits take a base pointer and an
>
On Tue, Apr 2, 2019 at 1:28 PM Alexander Potapenko wrote:
>
> 1. Use memory clobber in bitops that touch arbitrary memory
>
> Certain bit operations that read/write bits take a base pointer and an
> arbitrarily large offset to address the bit relative to that base.
> Inline as
On Tue, Apr 2, 2019 at 10:59 AM Alexander Potapenko wrote:
>
> On Tue, Apr 2, 2019 at 9:27 AM Peter Zijlstra wrote:
> >
> >
> >
> > On Mon, Apr 01, 2019 at 06:24:08PM +0200, Alexander Potapenko wrote:
> > > diff --git a/arch/x86/include/asm/bitops.h b/ar
iler
treat sizeof(long) bytes as being clobbered, which isn't the case. This
may theoretically lead to worse code in the case of heavy optimization.
Signed-off-by: Alexander Potapenko
Cc: Dmitry Vyukov
Cc: Paul E. McKenney
Cc: H. Peter Anvin
Cc: Peter Zijlstra
Cc: James Y Knight
---
v2:
On Tue, Apr 2, 2019 at 9:27 AM Peter Zijlstra wrote:
>
>
>
> On Mon, Apr 01, 2019 at 06:24:08PM +0200, Alexander Potapenko wrote:
> > diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
> > index d153d570bb04..20e4950827d9 100644
> > --- a
is in NOP operations, other
end up re-reading values from memory and may potentially slow down the
execution. But without these clobbers the compiler is free to cache
the contents of the bitmaps and use them as if they weren't changed by
the inline assembly.
Signed-off-by: Alexander Potapenko
Cc: Dmitry
On Fri, Mar 29, 2019 at 9:52 PM H. Peter Anvin wrote:
>
> On 3/29/19 8:54 AM, Alexander Potapenko wrote:
> >
> >> Of course, this would force the compiler to actually compute the
> >> offset, which would slow things down. I have no idea whether this
> >> w
On Thu, Mar 28, 2019 at 5:22 PM Paul E. McKenney wrote:
>
> On Thu, Mar 28, 2019 at 03:14:12PM +0100, Alexander Potapenko wrote:
> > Hello,
> >
> > arch/x86/include/asm/bitops.h defines clear_bit(nr, addr) for
> > non-constant |nr| values as follows:
> >
to be applied in each case, so in the case of a performance
penalty we may need to consider alternative approaches to fixing this
code.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
On Mon, Jan 14, 2019 at 10:56 AM Xin Long wrote:
>
> On Mon, Jan 14, 2019 at 5:34 PM Alexander Potapenko wrote:
> >
> > On Mon, Dec 10, 2018 at 9:56 AM Xin Long wrote:
> > >
> > > On Thu, Dec 6, 2018 at 8:08 PM Marcelo Ricardo Leitner
> > > wrote:
On Mon, Dec 10, 2018 at 9:56 AM Xin Long wrote:
>
> On Thu, Dec 6, 2018 at 8:08 PM Marcelo Ricardo Leitner
> wrote:
> >
> > On Thu, Dec 06, 2018 at 11:36:08AM +0100, Alexander Potapenko wrote:
> > > On Wed, Dec 5, 2018 at 8:31 PM syzbot
> > > wrote:
> &
he inline function.
> > >
> > > Fixes: b1864b828644 ("locking/atomics: build atomic headers as required")
> > > Reported-by: Anders Roxell
> > > Signed-off-by: Arnd Bergmann
Reviewed-by: Alexander Potapenko
> > > ---
> > > i
return;
> > - if (!mpol_store_user_nodemask(pol) &&
> > + if (!mpol_store_user_nodemask(pol) && !(pol->flags & MPOL_F_LOCAL)
> > &&
> > nodes_equal(pol->w.cpuset_mems_allowed, *newmask))
> >
On Wed, Dec 19, 2018 at 2:23 PM Jens Axboe wrote:
>
> On 12/19/18 3:23 AM, Alexander Potapenko wrote:
> > On Thu, Sep 13, 2018 at 11:23 AM Alexander Potapenko
> > wrote:
> >>
> >> On Thu, Sep 13, 2018 at 11:18 AM syzbot
> >> wrote:
> >>
On Thu, Sep 13, 2018 at 11:23 AM Alexander Potapenko wrote:
>
> On Thu, Sep 13, 2018 at 11:18 AM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:123906095e30 kmsan: introduce kmsan_interrupt_enter()/
signed int size);
> > void kasan_check_write(const volatile void *p, unsigned int size);
> > #else
> > diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> > index 03d5d1374ca7..51a7932c33a3 100644
> > --- a/mm/kasan/common.c
> > +++ b/mm/kasan/common.c
> > @@ -14,6
On Thu, Nov 15, 2018 at 5:05 AM Kyungtae Kim wrote:
>
> Thank you for all your comments.
>
> Thanks,
> Kyungtae Kim
> On Wed, Nov 14, 2018 at 11:05 AM Paul E. McKenney
> wrote:
> >
> > On Wed, Nov 14, 2018 at 04:31:11PM +0100, Alexander Potapenko wrote:
>
On Thu, Nov 15, 2018 at 5:05 AM Kyungtae Kim wrote:
>
> Thank you for all your comments.
>
> Thanks,
> Kyungtae Kim
> On Wed, Nov 14, 2018 at 11:05 AM Paul E. McKenney
> wrote:
> >
> > On Wed, Nov 14, 2018 at 04:31:11PM +0100, Alexander Potapenko wrote:
>
.c:572
> > avc_insert security/selinux/avc.c:696 [inline]
> > avc_compute_av+0x31e/0x1050 security/selinux/avc.c:1008
> > avc_has_perm_noaudit+0x516/0x770 security/selinux/avc.c:1149
> > avc_has_perm+0x172/0x480 security/selinux/avc.c:1184
> > selinux_socket_create+0x24
.c:572
> > avc_insert security/selinux/avc.c:696 [inline]
> > avc_compute_av+0x31e/0x1050 security/selinux/avc.c:1008
> > avc_has_perm_noaudit+0x516/0x770 security/selinux/avc.c:1149
> > avc_has_perm+0x172/0x480 security/selinux/avc.c:1184
> > selinux_socket_create+0x24
On Fri, Nov 9, 2018 at 12:18 PM Takashi Iwai wrote:
>
> On Fri, 09 Nov 2018 10:31:03 +0100,
> Alexander Potapenko wrote:
> >
> > On Thu, Nov 8, 2018 at 9:38 PM syzbot
> > wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the fol
On Fri, Nov 9, 2018 at 12:18 PM Takashi Iwai wrote:
>
> On Fri, 09 Nov 2018 10:31:03 +0100,
> Alexander Potapenko wrote:
> >
> > On Thu, Nov 8, 2018 at 9:38 PM syzbot
> > wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the fol
> https://goo.gl/tpsmEJ#testing-patches
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@google
> https://goo.gl/tpsmEJ#testing-patches
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@google
tpsmEJ#testing-patches
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view
tpsmEJ#testing-patches
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view
ength.
I suspect the bug has been introduced in
https://github.com/torvalds/linux/commit/0f8db8cc73df60b3de9a5eebd8f117b56eff5b03
>
> Thanks,
> Kyungtae Kim
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
ength.
I suspect the bug has been introduced in
https://github.com/torvalds/linux/commit/0f8db8cc73df60b3de9a5eebd8f117b56eff5b03
>
> Thanks,
> Kyungtae Kim
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
stack data.
Signed-off-by: Alexander Potapenko
Reported-by: syzbot+69c3bd9869b32e394...@syzkaller.appspotmail.com
Fixes: 84c751bd4aebb ("ptrace: add ability to retrieve signals without
removing from a queue (v4)")
Cc: Andrey Vagin
Cc: Oleg Nesterov
Cc: Willy Tarreau
---
kernel/ptrace.
stack data.
Signed-off-by: Alexander Potapenko
Reported-by: syzbot+69c3bd9869b32e394...@syzkaller.appspotmail.com
Fixes: 84c751bd4aebb ("ptrace: add ability to retrieve signals without
removing from a queue (v4)")
Cc: Andrey Vagin
Cc: Oleg Nesterov
Cc: Willy Tarreau
---
kernel/ptrace.
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/16eb330575bd2fab%40google.com.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/16eb330575bd2fab%40google.com.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
from it, send an
> email to syzkaller+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
from it, send an
> email to syzkaller+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
; > This bug is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkal...@googlegroups.com.
> >
> > syzbot will keep track of this bug report. See:
> > https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> > syzbot.
> > syzbot can test patches for this bug, for details see:
> > https://goo.gl/tpsmEJ#testing-patches
> >
> --
> Jan Kara
> SUSE Labs, CR
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/20180829134620.GD7369%40quack2.suse.cz.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
; > This bug is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkal...@googlegroups.com.
> >
> > syzbot will keep track of this bug report. See:
> > https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> > syzbot.
> > syzbot can test patches for this bug, for details see:
> > https://goo.gl/tpsmEJ#testing-patches
> >
> --
> Jan Kara
> SUSE Labs, CR
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/20180829134620.GD7369%40quack2.suse.cz.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
the problem
Reported-by: syzbot+17a8efdf800...@syzkaller.appspotmail.com
Signed-off-by: Alexander Potapenko
---
drivers/tty/vt/vt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 1eb1a376a041..15eb6c829d39 100644
the problem
Reported-by: syzbot+17a8efdf800...@syzkaller.appspotmail.com
Signed-off-by: Alexander Potapenko
---
drivers/tty/vt/vt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 1eb1a376a041..15eb6c829d39 100644
This shall help avoid copying uninitialized memory to the userspace
when calling ioctl(fd, SG_IO) with an empty command.
Reported-by: syzbot+7d26fc1eea198488d...@syzkaller.appspotmail.com
Cc: sta...@vger.kernel.org
Signed-off-by: Alexander Potapenko <gli...@google.com>
Acked-by: Douglas G
This shall help avoid copying uninitialized memory to the userspace
when calling ioctl(fd, SG_IO) with an empty command.
Reported-by: syzbot+7d26fc1eea198488d...@syzkaller.appspotmail.com
Cc: sta...@vger.kernel.org
Signed-off-by: Alexander Potapenko
Acked-by: Douglas Gilbert
Reviewed
On Wed, May 16, 2018 at 6:45 PM Andrey Ryabinin <aryabi...@virtuozzo.com>
wrote:
> On 05/16/2018 06:34 PM, Alexander Potapenko wrote:
> > stackdepot used to call memcpy(), which compiler tools normally
> > instrument, therefore every lookup used to unnecessarily call
On Wed, May 16, 2018 at 6:45 PM Andrey Ryabinin
wrote:
> On 05/16/2018 06:34 PM, Alexander Potapenko wrote:
> > stackdepot used to call memcpy(), which compiler tools normally
> > instrument, therefore every lookup used to unnecessarily call
instrumented
> > code.
committed for memcmp())
Signed-off-by: Alexander Potapenko <gli...@google.com>
Cc: Andrey Ryabinin <aryabi...@virtuozzo.com>
Cc: Dmitry Vyukov <dvyu...@google.com>
---
lib/stackdepot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/stackdepot.c b/lib/
committed for memcmp())
Signed-off-by: Alexander Potapenko
Cc: Andrey Ryabinin
Cc: Dmitry Vyukov
---
lib/stackdepot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/stackdepot.c b/lib/stackdepot.c
index e513459a5601..d48c744fa750 100644
--- a/lib/stackdepot.c
+++ b/lib
#syz fix: sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
#syz fix: sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
glegroups.com.
> >
> > syzbot will keep track of this bug report. See:
> > https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> > syzbot.
> > syzbot can test patches for this bug, for details see:
> > https://goo.gl/tpsmEJ#testing-patches
> --
> You received this message because you are subscribed to the Google Groups
"syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to syzkaller-bugs+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/syzkaller-bugs/CADvbK_cGes4gorUa2Y8PSkL4qF4WetC2eo3PFvEYd1xbRiSihQ%40mail.gmail.com
.
> For more options, visit https://groups.google.com/d/optout.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
; > This bug is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkal...@googlegroups.com.
> >
> > syzbot will keep track of this bug report. See:
> > https://goo.gl/tpsmEJ#bug
Commit-ID: 4a09f0210c8b1221aae8afda8bd3a603fece0986
Gitweb: https://git.kernel.org/tip/4a09f0210c8b1221aae8afda8bd3a603fece0986
Author: Alexander Potapenko <gli...@google.com>
AuthorDate: Wed, 9 May 2018 11:18:22 +0200
Committer: Ingo Molnar <mi...@kernel.org>
CommitDate:
Commit-ID: 4a09f0210c8b1221aae8afda8bd3a603fece0986
Gitweb: https://git.kernel.org/tip/4a09f0210c8b1221aae8afda8bd3a603fece0986
Author: Alexander Potapenko
AuthorDate: Wed, 9 May 2018 11:18:22 +0200
Committer: Ingo Molnar
CommitDate: Mon, 14 May 2018 11:14:30 +0200
x86/boot/64/clang
enerate PC-relative relocations when accessing globals
from that function. Clang actually does not generate them, which leads
to boot-time crashes. To work around this problem, every global pointer
must be adjusted using fixup_pointer().
Signed-off-by: Alexander Potapenko <gli...@google.com>
Fix
enerate PC-relative relocations when accessing globals
from that function. Clang actually does not generate them, which leads
to boot-time crashes. To work around this problem, every global pointer
must be adjusted using fixup_pointer().
Signed-off-by: Alexander Potapenko
Fixes: fb43d6cb91ef (&
On Tue, May 8, 2018 at 11:44 PM Kirill A. Shutemov <
kirill.shute...@linux.intel.com> wrote:
> On Tue, May 08, 2018 at 04:28:29PM +, Alexander Potapenko wrote:
> > @@ -196,7 +204,8 @@ unsigned long __head __startup_64(unsigned long
physaddr,
> >
> > pmd_entry
On Tue, May 8, 2018 at 11:44 PM Kirill A. Shutemov <
kirill.shute...@linux.intel.com> wrote:
> On Tue, May 08, 2018 at 04:28:29PM +, Alexander Potapenko wrote:
> > @@ -196,7 +204,8 @@ unsigned long __head __startup_64(unsigned long
physaddr,
> >
> > pmd_entry
enerate PC-relative relocations when accessing globals
from that function. Clang actually does not generate them, which leads
to boot-time crashes. To work around this problem, every global pointer
must be adjusted using fixup_pointer().
Signed-off-by: Alexander Potapenko <gli...@google.com>
Fix
enerate PC-relative relocations when accessing globals
from that function. Clang actually does not generate them, which leads
to boot-time crashes. To work around this problem, every global pointer
must be adjusted using fixup_pointer().
Signed-off-by: Alexander Potapenko
Fixes: fb43d6cb91ef (&
On Tue, May 8, 2018 at 4:30 PM Dave Hansen <dave.han...@linux.intel.com>
wrote:
> On 05/08/2018 05:16 AM, Alexander Potapenko wrote:
> > Similarly to commit 187e91fe5e91
> > ("x86/boot/64/clang: Use fixup_pointer() to access 'next_early_pgt'"),
> > '__supp
On Tue, May 8, 2018 at 4:30 PM Dave Hansen
wrote:
> On 05/08/2018 05:16 AM, Alexander Potapenko wrote:
> > Similarly to commit 187e91fe5e91
> > ("x86/boot/64/clang: Use fixup_pointer() to access 'next_early_pgt'"),
> > '__supported_pte_mask' must be al
Similarly to commit 187e91fe5e91
("x86/boot/64/clang: Use fixup_pointer() to access 'next_early_pgt'"),
'__supported_pte_mask' must be also accessed using fixup_pointer() to
avoid position-dependent relocations.
Signed-off-by: Alexander Potapenko <gli...@google.com>
Fixes: fb43d
Similarly to commit 187e91fe5e91
("x86/boot/64/clang: Use fixup_pointer() to access 'next_early_pgt'"),
'__supported_pte_mask' must be also accessed using fixup_pointer() to
avoid position-dependent relocations.
Signed-off-by: Alexander Potapenko
Fixes: fb43d6cb91ef ("x86/mm: Do n
KMSAN reports use of uninitialized memory in the case when |alen| is
smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't
fully copied from the userspace.
Signed-off-by: Alexander Potapenko <gli...@google.com>
Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2")
---
KMSAN reports use of uninitialized memory in the case when |alen| is
smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't
fully copied from the userspace.
Signed-off-by: Alexander Potapenko
Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2")
---
v2: fixed a typo spotted by Er
KMSAN reports use of uninitialized memory in the case when |alen| is
smaller than sizeof(struct netlink_sock), and therefore |nladdr| isn't
fully copied from the userspace.
Signed-off-by: Alexander Potapenko <gli...@google.com>
Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2")
KMSAN reports use of uninitialized memory in the case when |alen| is
smaller than sizeof(struct netlink_sock), and therefore |nladdr| isn't
fully copied from the userspace.
Signed-off-by: Alexander Potapenko
Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2")
---
net/netlink/af_netlink.c
use
> numa_node_id() instead of preferred_node, however, __mpol_equeue() use
> preferred_node without check whether it is MPOL_F_LOCAL or not.
>
> Reported-by: Alexander Potapenko <gli...@google.com>
> Signed-off-by: Yisheng Xie <xieyishe...@huawei.com>
Tested-by: Alexa
preferred_node, however, __mpol_equeue() use
> preferred_node without check whether it is MPOL_F_LOCAL or not.
>
> Reported-by: Alexander Potapenko
> Signed-off-by: Yisheng Xie
Tested-by: Alexander Potapenko
I confirm that the patch fixes the problem. Thanks for the quick turnaround
mpiler specific options that are valid standalone
> + CFLAGS_KASAN := $(CFLAGS_KASAN_SHADOW) \
> + $(call cc-param,asan-globals=1) \
> + $(call
> cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
> + $(call cc-param,asan-stack=1) \
> +
cc-param,asan-globals=1) \
> + $(call
> cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
> + $(call cc-param,asan-stack=1) \
> + $(call cc-param,asan-use-after-scope=1)
> + endif
> +
> endif
>
> CFLAGS_KASAN += $(call cc-opt
o moved code of KASAN in generic file so that page_owner can also
> do same filteration.
>
> Initial KASAN commit
> id=be7635e7287e0e8013af3c89a6354a9e0182594c
>
> Signed-off-by: Vaneet Narang <v.nar...@samsung.com>
> Signed-off-by: Maninder Singh <maninder...@samsung.com&g
generic file so that page_owner can also
> do same filteration.
>
> Initial KASAN commit
> id=be7635e7287e0e8013af3c89a6354a9e0182594c
>
> Signed-off-by: Vaneet Narang
> Signed-off-by: Maninder Singh
Reviewed-by: Alexander Potapenko
> ---
> include/linux/stacktrace.h | 25 +++
201 - 300 of 1004 matches
Mail list logo