Re: KASAN: slab-out-of-bounds Read in handle_vmptrld

On 13/09/2019 16:01, Paolo Bonzini wrote:
> On 13/09/19 15:02, Greg Kroah-Hartman wrote:
>> Look at linux-next, we "should" have fixed up hcd_buffer_alloc() now to
>> not need this type of thing.  If we got it wrong, please let us know and
>> then yes, a fix like this would be most appreciated :)
>
> I still see
>
> 	/* some USB hosts just use PIO */
> 	if (!hcd_uses_dma(hcd)) {
> 		*dma = ~(dma_addr_t) 0;
> 		return kmalloc(size, mem_flags);
> 	}
>
> in linux-next's hcd_buffer_alloc and also in usb.git's usb-next branch.
> I also see the same
>
> 	if (remap_pfn_range(vma, vma->vm_start,
> 			virt_to_phys(usbm->mem) >> PAGE_SHIFT,
> 			size, vma->vm_page_prot) < 0) {
> 		...
> 	}
>
> in usbdev_mmap.  Of course it's possible that I'm looking at the wrong
> branch, or just being dense.

Oh, that bit of usbdev_mmap() is already known to be pretty much totally bogus for various reasons - there have been a few threads about it, of which I think [1] is both the most recent and the most informative. There was another patch[2], but that might have stalled (and might need reworking with additional hcd_uses_dma() checks anyway).

Robin.

[1] https://lore.kernel.org/linux-arm-kernel/20190808084636.GB15080@priv-mua.localdomain/
[2] https://lore.kernel.org/linux-usb/20190801220134.3295-1-gavinli@xxxxxxxxxxxxxx/


