From: Tyler Hicks <tyhicks@canonical.com>
To: Jakub Kicinski <kubakici@wp.pl>, Kees Cook <keescook@chromium.org>
Cc: Simon Brewer <sbrunau@gmail.com>, LKML <linux-kernel@vger.kernel.org>
Subject: Re: BUG: KASAN: global-out-of-bounds in strscpy+0x807/0x970
Date: Wed, 11 Oct 2017 00:37:43 -0400
Message-ID: <411eec08-711a-d133-05bf-0e6c7d4101d3@canonical.com>
In-Reply-To: <CAEeGbKOtffFD9Fb3qRc-8DkkQsAhuVO3X3xuzFtxH2p1uT69RQ@mail.gmail.com>



On 10/10/2017 10:32 PM, Simon Brewer wrote:
> Hint start looking at this thread. https://lkml.org/lkml/2017/7/18/874
> 
> Summary: strscpy and KASAN are currently incompatible.  strscpy does a
> 64 bit speculative fetch on a char pointer (for efficiency reasons). 
> KASAN spots this and flags an error.

Thanks, Simon. I had already reviewed the loop in
seccomp_names_from_actions_logged() and couldn't spot an issue so my
next step was to take a look at strscpy() itself. Your reply was well
timed. :)

@Kees, this is a false positive. I picked strscpy() because of its sane
return codes for easy error handling but its word-at-a-time complexity
is overkill for this sysctl. Are you alright with this KASAN false
positive or would you like me to change over to strlcpy()?

Tyler

> 
> On 11 October 2017 at 12:46, Jakub Kicinski <kubakici@wp.pl> wrote:
> 
>     On Tue, 10 Oct 2017 21:44:01 -0400, Tyler Hicks wrote:
>     > On 10/10/2017 09:28 PM, Jakub Kicinski wrote:
>     > > I'm hitting this on sysctl -a with net-next (4.14-rc4).
>     >
>     > Hey Jakub - thanks for the bug report!
>     >
>     > >
>     > > I saw that seccomp_actions_logged_handler was introduced
>     > > not-so-long-ago by Tyler, is there a fix for this?
>     >
>     > No, this is the first I've heard of it. I'll have a look.
> 
>     Thanks! :)
> 
> 
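
Added example (not part of the original thread, and not the kernel's strscpy()): a simplified userspace model of the word-at-a-time copy summarized in the quoted text above, counting how many bytes each 8-byte load touches past the end of the source object. The names copy_model, copy_stats and demo_backing and the "log" sample string are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 4-byte object ("log" + NUL) inside a 16-byte backing
 * array, so the model's wide load stays within real memory. */
static const char demo_backing[16] = "log";
#define DEMO_OBJ_SIZE 4
struct copy_stats { long ret; size_t oob_bytes; };

/* Word-at-a-time NUL test: nonzero if any byte of w is 0x00. */
static int has_zero(uint64_t w)
{
    return ((w - 0x0101010101010101ULL) & ~w & 0x8080808080808080ULL) != 0;
}

/* Loads at offsets >= obj_size are what a KASAN-style checker would report.
 * ret is the copied length, or -1 on truncation. */
static struct copy_stats copy_model(char *dst, const char *src,
                                    size_t obj_size, size_t count, int wordwise)
{
    struct copy_stats st = { -1, 0 };
    size_t i = 0;
    if (count == 0)
        return st;
    while (wordwise && count - i >= 8) {
        uint64_t w;
        memcpy(&w, src + i, 8);      /* the speculative 64-bit fetch */
        if (i + 8 > obj_size)        /* bytes loaded past the object */
            st.oob_bytes += i + 8 - (i > obj_size ? i : obj_size);
        if (has_zero(w))
            break;                   /* NUL in this word: finish bytewise */
        memcpy(dst + i, &w, 8);
        i += 8;
    }
    for (; i < count; i++) {         /* byte tail stops at the NUL */
        dst[i] = src[i];
        if (src[i] == '\0')
            return (struct copy_stats){ (long)i, st.oob_bytes };
    }
    dst[count - 1] = '\0';           /* truncated: still terminate dst */
    return st;
}

int main(void)
{
    char d[16];
    struct copy_stats w = copy_model(d, demo_backing, DEMO_OBJ_SIZE, sizeof d, 1);
    return printf("ret=%ld bytes loaded past object=%zu\n", w.ret, w.oob_bytes) < 0;
}
```

Both modes return the same length and the same destination string; only the word-wise mode loads bytes beyond the 4-byte object, and none of those bytes reach the destination.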




Thread overview: 6+ messages
2017-10-11  1:28 BUG: KASAN: global-out-of-bounds in strscpy+0x807/0x970 Jakub Kicinski
2017-10-11  1:44 ` Tyler Hicks
2017-10-11  1:46   ` Jakub Kicinski
2017-10-11  2:37     ` Simon Brewer
     [not found]     ` <CAEeGbKOtffFD9Fb3qRc-8DkkQsAhuVO3X3xuzFtxH2p1uT69RQ@mail.gmail.com>
2017-10-11  4:37       ` Tyler Hicks [this message]
2017-10-11  7:21         ` Kees Cook
