Re: KASAN: use-after-free Read in xlog_alloc_log

From: Christoph Hellwig
Date: Thu Jun 27 2019 - 09:52:34 EST

Next message: Rob Herring: "Re: [PATCH] dt-bindings: nvmem: Add YAML schemas for the generic NVMEM bindings"
Previous message: Igor Opaniuk: "Re: [PATCH v2 1/1] ARM: dts: colibri: introduce dts with UHS-I support enabled"
In reply to: Christoph Hellwig: "Re: KASAN: use-after-free Read in xlog_alloc_log"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 27, 2019 at 04:06:54AM -0700, Christoph Hellwig wrote:
> It seems like this is the xlog_alloc_log error path. We didn't
> really change anything in the circular ioclogs queue handling, so
> maybe thish has been there before, but xfs_buf wasn't wired up to
> kasan to catch it?
>
> Either way I suspect the right thing to do is to replace the list
> with an array based lookup. I'll look into that, maybe a reproducer
> appears until then.

Actually, the iclog allocations are obviously too small. A patch will
be on its way soon.

Next message: Rob Herring: "Re: [PATCH] dt-bindings: nvmem: Add YAML schemas for the generic NVMEM bindings"
Previous message: Igor Opaniuk: "Re: [PATCH v2 1/1] ARM: dts: colibri: introduce dts with UHS-I support enabled"
In reply to: Christoph Hellwig: "Re: KASAN: use-after-free Read in xlog_alloc_log"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]