From: Eric Sandeen <sandeen@sandeen.net>
To: 刘通 <lyutoon@gmail.com>
Cc: "linux-xfs@vger.kernel.org" <linux-xfs@vger.kernel.org>
Subject: Re: A bug was found in Linux Kernel 5.15.148 and 5.15.150: KASAN: use-after-free in xfs_allocbt_init_key_from_rec (with POC)
Date: Thu, 11 Apr 2024 15:34:15 -0500
Message-ID: <24467239-e3a3-46db-aa1d-e876abe03cdd@sandeen.net>
In-Reply-To: <d1d4df97-307c-4c61-86bc-c83b8f10a745@sandeen.net>

On 4/2/24 12:55 PM, Eric Sandeen wrote:
>> # Step to reproduce:
>> 1. download the zip file
>> 2. unzip it
>> 3. compile the kernel (5.15.148, 5.15.150) with kernel_config
>> 4. start the kernel with qemu vm
>> 5. scp repro.c to the vm
>> 6. compile the repro.c and run it: gcc repro.c -o exp && ./exp
>> 7. you will see the KASAN error

> AFAICT you won't. I did exactly this, and got no KASAN error.
> Did you, after following these steps on a fresh boot of the kernel?

Any follow up here? Do you actually hit a KASAN error after following these
exact steps?

-Eric
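
Added example, not from this thread or from either correspondent: a small POSIX sh helper for the check Eric is asking about, i.e. deciding objectively whether a run of the reproducer on a given kernel produced the reported KASAN splat. It assumes two inputs that the quoted steps imply but do not name: the .config the kernel was built from, and a capture of the qemu guest console (for instance from qemu's `-serial file:console.log`). The config fragments, the dmesg-style log lines and the `+0x1c/0x60` symbol offsets below are constructed sample data, not output from the reporter's zip file.

```shell
#!/bin/sh
# Added example (not the original poster's or xfs developers' code).
# Two checks for triaging a "KASAN report does not reproduce" disagreement:
#  1. was the kernel under test actually built with the options the
#     reproducer depends on (KASAN itself, and XFS)?
#  2. does the captured guest console contain a KASAN report, and is it in
#     the function the report claims?

# check_config <.config>
# Returns 0 if every required option is =y, 1 otherwise (missing ones on stderr).
check_config() {
    cfg="$1"
    missing=""
    for opt in CONFIG_KASAN CONFIG_XFS_FS; do
        grep -q "^${opt}=y" "$cfg" || missing="$missing $opt"
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing" >&2
        return 1
    fi
    return 0
}

# kasan_report <console.log>
# Prints "<bug-type> <symbol>" for the first KASAN report in the log, e.g.
# "use-after-free xfs_allocbt_init_key_from_rec"; returns 1 if there is none.
kasan_report() {
    log="$1"
    line=$(grep 'BUG: KASAN: ' "$log" | head -n 1)
    [ -n "$line" ] || return 1
    # A KASAN header looks like:
    #   [   12.345679] BUG: KASAN: use-after-free in some_fn+0x1c/0x60
    # Drop everything up to and including "BUG: KASAN: ", then split on " in "
    # and cut the +offset/size suffix off the symbol.
    rest=${line#*BUG: KASAN: }
    type=${rest%% in *}
    sym=${rest#* in }
    sym=${sym%%+*}
    echo "$type $sym"
}

# reproduced <console.log> <expected-symbol>
# Returns 0 only if the log holds a KASAN report whose symbol matches.
reproduced() {
    log="$1"
    expected="$2"
    r=$(kasan_report "$log") || return 1
    [ "${r#* }" = "$expected" ]
}

# Constructed sample inputs (not real output from the reported reproducer).
GOOD_CFG=$(mktemp)
printf 'CONFIG_KASAN=y\nCONFIG_XFS_FS=y\n' > "$GOOD_CFG"
BAD_CFG=$(mktemp)
printf '# CONFIG_KASAN is not set\nCONFIG_XFS_FS=y\n' > "$BAD_CFG"
HIT_LOG=$(mktemp)
cat > "$HIT_LOG" <<'EOF'
[   12.345678] ==================================================================
[   12.345679] BUG: KASAN: use-after-free in xfs_allocbt_init_key_from_rec+0x1c/0x60
EOF
MISS_LOG=$(mktemp)
printf '[    5.000000] XFS (vda): Mounting V5 Filesystem\n' > "$MISS_LOG"

# Stand-alone demo: a hit only counts when the config is right and the
# splat names the expected function.
for log in "$HIT_LOG" "$MISS_LOG"; do
    if check_config "$GOOD_CFG" && reproduced "$log" xfs_allocbt_init_key_from_rec; then
        echo "$log: reproduced ($(kasan_report "$log"))"
    else
        echo "$log: not reproduced"
    fi
done
```

In real use, point `check_config` at the `kernel_config` from the reporter's archive (and at the running guest's `/proc/config.gz` if CONFIG_IKCONFIG_PROC is enabled, to confirm the booted kernel matches the built one) and `reproduced` at the console file, so that "fresh boot, then run ./exp" yields a yes/no rather than a visual scan of dmesg.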


Thread overview: 5+ messages
2024-03-07  7:23 A bug was found in Linux Kernel 5.15.148 and 5.15.150: KASAN: use-after-free in xfs_allocbt_init_key_from_rec (with POC) 刘通
2024-04-02  5:54 ` Eric Sandeen
     [not found]   ` <CAEJPjCvK-LATJ5B9-=KXa3oMZwT-zQyFqMNU9EgcfsRD12AWWA@mail.gmail.com>
2024-04-02 15:09     ` Eric Sandeen
     [not found]       ` <CAEJPjCsXGHWzek7AQ1g3byUZe1Uq7KuUxJ0GY2fac3J8y+LFZQ@mail.gmail.com>
2024-04-02 17:55         ` Eric Sandeen
2024-04-11 20:34           ` Eric Sandeen [this message]
