Re: BUG: KASAN: use-after-free in cmp_ex_search+0x29/0x71

From: Peter Zijlstra
Date: Thu Nov 30 2017 - 03:27:49 EST


On Thu, Nov 30, 2017 at 06:16:58AM +0100, Thomas Meyer wrote:
> On Thu, Nov 30, 2017 at 11:36:06AM +0800, Fengguang Wu wrote:


> > [ 40.847825] ==================================================================
> > [ 40.848720] BUG: KASAN: use-after-free in cmp_ex_search+0x29/0x71:
> > ex_to_insn at lib/extable.c:23
> > (inlined by) cmp_ex_search at lib/extable.c:104

Right after this it does:

> [ 40.872223] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
> [ 40.873011] BUG: unable to handle kernel paging request at fffffbfff0766694
> [ 40.874648] IP: 0xfffffbfff0766694
> [ 40.875112] PGD 1b3df067 P4D 1b3df067 PUD 1b3de067 PMD 800000001ac001e3
> [ 40.876293] Thread overran stack, or stack corrupted

which seems to suggest the machine is completely fucked and the uaf
could very well be the result of that.
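
The reasoning in the message above, written as a log-triage check (an added example, not part of the original mail or of any kernel tooling): a KASAN report is flagged as likely secondary when corruption messages appear close to it in time. The marker strings are taken from the quoted log; the `triage` function, the 1-second window and the second sample report are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the dmesg lines quoted in the thread;
# the last line is an invented, unrelated report used for contrast.
SAMPLE = """\
> > [ 40.848720] BUG: KASAN: use-after-free in cmp_ex_search+0x29/0x71:
> [ 40.872223] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
> [ 40.873011] BUG: unable to handle kernel paging request at fffffbfff0766694
> [ 40.876293] Thread overran stack, or stack corrupted
[ 312.100000] BUG: KASAN: use-after-free in example_fn+0x10/0x40
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
KASAN = re.compile(r"BUG: KASAN: (\S+) in (\S+?):?$")
# Messages that point at wider corruption (strings from the quoted log).
CORRUPTION = (
    "kernel tried to execute NX-protected page",
    "Thread overran stack, or stack corrupted",
)

def triage(log, window=1.0):
    """Return one dict per KASAN report. A report is marked likely_secondary
    when a corruption marker is logged within `window` seconds of it
    (assumed heuristic threshold)."""
    events = []
    for raw in log.splitlines():
        # Drop mail quoting ("> > ") so archived threads can be fed in as-is.
        m = LINE.match(raw.strip().lstrip("> "))
        if m:
            events.append((float(m.group(1)), m.group(2)))
    reports = []
    for ts, msg in events:
        k = KASAN.search(msg)
        if not k:
            continue
        nearby = [c for t, text in events for c in CORRUPTION
                  if c in text and abs(t - ts) <= window]
        reports.append({"time": ts, "kind": k.group(1), "where": k.group(2),
                        "corruption_markers": nearby,
                        "likely_secondary": bool(nearby)})
    return reports

if __name__ == "__main__":
    for report in triage(SAMPLE):
        print(report)
```

A report marked `likely_secondary` still deserves a look, but the stack corruption should be chased first.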