Re: scsi: use-after-free in bio_copy_from_iter

2016-12-06 Thread Dmitry Vyukov
On Tue, Dec 6, 2016 at 4:38 PM, Johannes Thumshirn wrote: > On Tue, Dec 06, 2016 at 10:43:57AM +0100, Dmitry Vyukov wrote: >> On Tue, Dec 6, 2016 at 10:32 AM, Johannes Thumshirn >> wrote: >> > On Mon, Dec 05, 2016 at 07:03:39PM +, Al Viro wrote: >> >> On Mon, Dec 05, 2016 at 04:17:53PM

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-06 Thread Johannes Thumshirn
On Tue, Dec 06, 2016 at 10:43:57AM +0100, Dmitry Vyukov wrote: > On Tue, Dec 6, 2016 at 10:32 AM, Johannes Thumshirn > wrote: > > On Mon, Dec 05, 2016 at 07:03:39PM +, Al Viro wrote: > >> On Mon, Dec 05, 2016 at 04:17:53PM +0100, Johannes Thumshirn wrote: > >> > 633 hp = >header; >

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-06 Thread Dmitry Vyukov
On Tue, Dec 6, 2016 at 10:32 AM, Johannes Thumshirn wrote: > On Mon, Dec 05, 2016 at 07:03:39PM +, Al Viro wrote: >> On Mon, Dec 05, 2016 at 04:17:53PM +0100, Johannes Thumshirn wrote: >> > 633 hp = >header; >> > [...] >> > 646 hp->dxferp = (char __user *)buf +

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-06 Thread Johannes Thumshirn
On Mon, Dec 05, 2016 at 07:03:39PM +, Al Viro wrote: > On Mon, Dec 05, 2016 at 04:17:53PM +0100, Johannes Thumshirn wrote: > > 633 hp = >header; > > [...] > > 646 hp->dxferp = (char __user *)buf + cmd_size; > > > So the memory for hp->dxferp comes from: > > 633

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-05 Thread Al Viro
On Mon, Dec 05, 2016 at 04:17:53PM +0100, Johannes Thumshirn wrote: > 633 hp = >header; > [...] > 646 hp->dxferp = (char __user *)buf + cmd_size; > So the memory for hp->dxferp comes from: > 633 hp = >header; > >From my debug instrumentation I see that the

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-05 Thread Johannes Thumshirn
On Mon, Dec 05, 2016 at 03:31:43PM +0100, Dmitry Vyukov wrote: > On Sat, Dec 3, 2016 at 7:19 PM, Johannes Thumshirn wrote: > > On Sat, Dec 03, 2016 at 04:22:39PM +0100, Dmitry Vyukov wrote: > >> On Sat, Dec 3, 2016 at 11:38 AM, Johannes Thumshirn > >> wrote: > >> > On Fri, Dec 02, 2016 at

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-05 Thread Dmitry Vyukov
On Sat, Dec 3, 2016 at 7:19 PM, Johannes Thumshirn wrote: > On Sat, Dec 03, 2016 at 04:22:39PM +0100, Dmitry Vyukov wrote: >> On Sat, Dec 3, 2016 at 11:38 AM, Johannes Thumshirn >> wrote: >> > On Fri, Dec 02, 2016 at 05:50:39PM +0100, Dmitry Vyukov wrote: >> >> On Fri, Nov 25, 2016 at 8:08 PM,

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-03 Thread Johannes Thumshirn
On Sat, Dec 03, 2016 at 04:22:39PM +0100, Dmitry Vyukov wrote: > On Sat, Dec 3, 2016 at 11:38 AM, Johannes Thumshirn > wrote: > > On Fri, Dec 02, 2016 at 05:50:39PM +0100, Dmitry Vyukov wrote: > >> On Fri, Nov 25, 2016 at 8:08 PM, Dmitry Vyukov wrote: [...] Hi Dmitry, > > Thanks for looking

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-03 Thread Dmitry Vyukov
On Sat, Dec 3, 2016 at 11:38 AM, Johannes Thumshirn wrote: > On Fri, Dec 02, 2016 at 05:50:39PM +0100, Dmitry Vyukov wrote: >> On Fri, Nov 25, 2016 at 8:08 PM, Dmitry Vyukov wrote: > > [...] > >> >> +David did some debugging of a similar case. His 0x400 at location >> 0x2000efdc refers to 0x

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-03 Thread Johannes Thumshirn
On Fri, Dec 02, 2016 at 05:50:39PM +0100, Dmitry Vyukov wrote: > On Fri, Nov 25, 2016 at 8:08 PM, Dmitry Vyukov wrote: [...] > > +David did some debugging of a similar case. His 0x400 at location > 0x2000efdc refers to 0x at 0x20012fdc in the provided reproducer: >

Re: scsi: use-after-free in bio_copy_from_iter

2016-12-02 Thread Dmitry Vyukov
On Fri, Nov 25, 2016 at 8:08 PM, Dmitry Vyukov wrote: > Hello, > > The following program triggers use-after-free in bio_copy_from_iter: > https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt > > >

scsi: use-after-free in bio_copy_from_iter

2016-11-25 Thread Dmitry Vyukov
Hello, The following program triggers use-after-free in bio_copy_from_iter: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt == BUG: KASAN:
