Re: KASAN: slab-out-of-bounds Read in fbcon_get_font

On 12/4/19 9:33 AM, Dmitry Vyukov wrote: > On Tue, Dec 3, 2019 at 11:37 PM Daniel Vetter wrote: >> >> On Tue, Dec 3, 2019 at 11:25 PM syzbot >> wrote: >>> >>> Hello, >>> >>> syzbot found the following crash on: >>> >>> HEAD commit:76bb8b05 Merge tag 'kbuild-v5.5' of

SLAB_TYPESAFE_BY_RCU without constructors (was Re: [PATCH v4 13/17] khwasan: add hooks implementation)

On 07/31/2018 07:04 PM, Andrey Ryabinin wrote: >> Somewhat offtopic, but I can't understand how SLAB_TYPESAFE_BY_RCU >> slabs can be useful without ctors or at least memset(0). Objects in >> such slabs need to be type-stable, but I can't understand how it's >> possible to

Re: SLAB_TYPESAFE_BY_RCU without constructors (was Re: [PATCH v4 13/17] khwasan: add hooks implementation)

On 07/31/2018 09:51 PM, Linus Torvalds wrote: > On Tue, Jul 31, 2018 at 10:49 AM Linus Torvalds > wrote: >> >> So the re-use might initialize the fields lazily, not necessarily using a >> ctor. > > In particular, the pattern that nf_conntrack uses looks like it is safe. > > If you have a

Re: [PATCH] mm: Remove pointless might_sleep() in remove_vm_area().

Mar 24, 2017 at 06:05:45PM +0300, Andrey Ryabinin wrote: >> Just fix the drm code. There is zero point in releasing memory under >> spinlock. > > I disagree. The spinlock has to be held while deleting from the hash > table. And what makes you think so? There are too pl

Re: [PATCH] mm: Remove pointless might_sleep() in remove_vm_area().

On 03/27/2017 05:29 PM, Tetsuo Handa wrote: > Thomas Hellstrom wrote: >> So to summarize. Yes, the drm callers can be fixed up, but IMO requiring >> vfree() to be non-atomic is IMO not a good idea if avoidable. > > I agree. > > I don't know about drm code. But I can find AppArmor code doing >

[PATCH] drm/i915: fix use-after-free in page_flip_completed()

queue_work() after trace_i915_flip_complete() to fix this. Fixes: e5510fac98a7 ("drm/i915: add tracepoints for flip requests & completions") Signed-off-by: Andrey Ryabinin <aryabi...@virtuozzo.com> --- drivers/gpu/drm/i915/intel_display.c | 4 ++-- 1 file changed, 2 insertions(+),

[PATCH] drm/atomic: fix out of bounds read in for_each_*_in_state helpers

On 05/25/2015 04:12 PM, Jani Nikula wrote: > On Mon, 25 May 2015, Andrey Ryabinin wrote: >> for_each_*_in_state validate array index after >> access to array elements, thus perform out of bounds read. >> >> Fix this by validating index in the first place and read >

[PATCH] drm/atomic: fix out of bounds read in for_each_*_in_state helpers

elper macros") Signed-off-by: Andrey Ryabinin --- include/drm/drm_atomic.h | 24 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/drm/drm_atomic.h b/include/drm/drm_atomic.h index c1571034..3f13b91 100644 --- a/include/drm/drm_atomic.h +++ b/i