回复: 回复: [PATCH] ALSA: seq: KASAN: use-after-free Read in delete_and_unsubscribe_port

发件人: Takashi Iwai 发送时间: 2020年8月3日 14:16 收件人: Zhang, Qiang 抄送: pe...@perex.cz; ti...@suse.com; alsa-de...@alsa-project.org; linux-kernel@vger.kernel.org 主题: Re: 回复: [PATCH] ALSA: seq: KASAN: use-after-free Read in delete_and_unsubscribe_port On Mon, 03

Re: 回复: [PATCH] ALSA: seq: KASAN: use-after-free Read in delete_and_unsubscribe_port

On Mon, 03 Aug 2020 03:35:05 +0200, Zhang, Qiang wrote: > > >Thanks for the patch. But I'm afraid that this change would break the > >existing behavior and might have a bad side-effect. > > >It's likely the same issue as reported in another syzkaller report > >("KASAN: invalid-free in snd_seq_po

回复: [PATCH] ALSA: seq: KASAN: use-after-free Read in delete_and_unsubscribe_port

发件人: Takashi Iwai 发送时间: 2020年8月1日 17:39 收件人: Zhang, Qiang 抄送: pe...@perex.cz; ti...@suse.com; alsa-de...@alsa-project.org; linux-kernel@vger.kernel.org 主题: Re: [PATCH] ALSA: seq: KASAN: use-after-free Read in delete_and_unsubscribe_port On Sat, 01 Aug

Re: [PATCH] ALSA: seq: KASAN: use-after-free Read in delete_and_unsubscribe_port

On Sat, 01 Aug 2020 08:24:03 +0200, wrote: > > From: Zhang Qiang > > There is a potential race window,when a task acquire "src->list_mutex" > write sem,traverse the linked list to find "subs" objects through > parameter "info" in snd_seq_port_disconnect and then release this > write sem, before

[PATCH] ALSA: seq: KASAN: use-after-free Read in delete_and_unsubscribe_port

From: Zhang Qiang There is a potential race window,when a task acquire "src->list_mutex" write sem,traverse the linked list to find "subs" objects through parameter "info" in snd_seq_port_disconnect and then release this write sem, before this task acquire write sem again,this write sem may be ac

回复: KASAN: use-after-free Read in delete_and_unsubscribe_port (2)

: use-after-free Read in delete_and_unsubscribe_port (2) syzbot has found a reproducer for the following issue on: HEAD commit:d3590ebf Merge tag 'audit-pr-20200729' of git://git.kernel.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1207e0b8900

Re: KASAN: use-after-free Read in delete_and_unsubscribe_port (2)

syzbot has found a reproducer for the following issue on: HEAD commit:d3590ebf Merge tag 'audit-pr-20200729' of git://git.kernel.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1207e0b890 kernel config: https://syzkaller.appspot.com/x/.config?x=812bbfc

KASAN: use-after-free Read in delete_and_unsubscribe_port (2)

Hello, syzbot found the following crash on: HEAD commit:7cc2a8ea Merge tag 'block-5.8-2020-07-01' of git://git.ker.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=11561e7b10 kernel config: https://syzkaller.appspot.com/x/.config?x=7be693511b29b338 das

KASAN: use-after-free Read in delete_and_unsubscribe_port

Hello, syzbot found the following crash on: HEAD commit:8fe28cb58bcb Linux 4.20 git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=166859b340 kernel config: https://syzkaller.appspot.com/x/.config?x=7d581260bae0899a dashboard link: https://syzkaller.appsp