[dm-devel] [bug report] dm crypt: conditionally enable code needed for tasklet usecases
Mike Snitzer
snitzer at kernel.org
Thu Mar 9 15:08:32 UTC 2023
On Thu, Mar 09 2023 at 9:42P -0500,
Dan Carpenter <error27 at gmail.com> wrote:
> On Thu, Mar 09, 2023 at 05:35:20PM +0300, Dan Carpenter wrote:
> > --> 2758 if (test_bit(DM_CRYPT_NO_READ_WORKQUEUE, &cc->flags) ||
> > ^^^^^^^^^
> > 2759 test_bit(DM_CRYPT_NO_WRITE_WORKQUEUE, &cc->flags))
> > ^^^^^^^^^
> > UAF. This wasn't tested, right? If this passes testing then it means
> > kfree_sensitive() is broken. (Normally UAF bugs can only be detected
> > with KASan, but kfree_sensitive() should poison the data I thought).
> >
>
> Nope. This is thing where you need KASan to detect the bug. I'm wrong
> and continually demonstrate how even twenty years in to it I still don't
> understand pointers.
Thanks for the report, really appreciate it. Sorry for the oversight
(and lack of testing). But we decided to fix a different way and
linux-next was updated accordingly, I just tweaked it but here is the
final:
https://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=for-next&id=d9a02e016aaf5a57fb44e9a5e6da8ccd3b9e2e70
Mike
More information about the dm-devel
mailing list