Re: KASAN: use-after-free Read in binder_release_work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 23, 2018 at 11:41 AM, Martijn Coenen <maco@xxxxxxxxxxx> wrote:
> On Mon, Apr 23, 2018 at 11:28 AM, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
>> https://syzkaller.appspot.com/bug?extid=09e05aba06723a94d43d
>> and that happened in binder. But then syzkaller found a reproducer for
>> it, but it turned out to be in rdma subsystem. It's generally not
>> possible to properly distinguish different bugs that look similar, and
>> if syzbot does more sensitive bug classification, then it will also
>> inevitably report more duplicates. So that bug was closed as an rdma
>> bug.
>
> Thanks for the clarification! It looks like I sent the patch with the
> original reported-by tag after it was closed as an rdma issue; would
> it help if syzbot sent a reply saying this bug was already marked as
> closed with a different commit, or are there other complications with
> that?


Since it's already in Greg's queue, it's not worth bothering. We can
fix up things here with these "#syz fix" tags in emails, which
associate fixes with bugs.


> Thanks,
> Martijn
>
>> Now syzbot already skips list_del frame and takes the next one, so it
>> should become slightly better.
>>
>> Let's close this one with the binder fix (since that one was closed
>> with an rdma fix):
>>
>> #syz fix: ANDROID: binder: prevent transactions into own process.
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel



[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux