Subject: Re: KASAN: stack-out-of-bounds Read in rds_sendmsg
To: Eric Biggers
Cc: syzkaller-bugs@googlegroups.com, Avinash Repaka, syzbot, davem@davemloft.net, linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org, netdev@vger.kernel.org, rds-devel@oss.oracle.com
From: Santosh Shilimkar
Organization: Oracle Corporation
Message-ID: <5db55967-3608-d9cc-768a-e75dc61ed311@oracle.com>
Date: Tue, 30 Jan 2018 18:55:32 -0800

On 1/30/2018 6:16 PM, Eric Biggers wrote:
> On Thu, Dec 21, 2017 at 08:44:32AM -0800, Santosh Shilimkar wrote:
>> +Avinash
>>
>> On 12/21/2017 1:10 AM, syzbot wrote:
>>> syzkaller has found reproducer for the following crash on
>>
>> [..]
>>
>>>
>>> audit: type=1400 audit(1513847224.110:7): avc:  denied  { map } for
>>> pid=3157 comm="syzkaller455006" path="/root/syzkaller455006870"
>>> dev="sda1" ino=16481
>>> scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
>>> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
>>> ==================================================================
>>> BUG: KASAN: stack-out-of-bounds in rds_rdma_bytes net/rds/send.c:1013
>>> [inline]
>>
>> Could you please post the discussed fix if you are ready with it ?
>> This new report is same as last one and cmesg length check should
>> address it.
>> [...]
>
> This crash seems to have stopped occurring. I assume it was fixed by commit
> 14e138a86f63 (thanks Avinash!), so let's tell syzbot so that it can start
> reporting crashes in the same place again:
>
> #syz fix: RDS: Check cmsg_len before dereferencing CMSG_DATA
>

Thanks Eric for confirmation !!

Regards,
Santosh
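
Added example, not part of the original thread and not the kernel patch: a userspace C walk over ancillary data that rejects a control message whose `cmsg_len` is too short for the structure about to be copied out of `CMSG_DATA`, which is the kind of check the fix title above names. `DEMO_LEVEL`, `DEMO_TYPE`, `struct demo_args` and both function names are hypothetical, and the sample messages are constructed.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

#define DEMO_LEVEL 0x7fff /* hypothetical cmsg level, not a real protocol */
#define DEMO_TYPE  1      /* hypothetical cmsg type */
struct demo_args { uint64_t nbytes; uint64_t cookie; }; /* hypothetical payload */

/* Sum nbytes over all DEMO_TYPE cmsgs; -1 if any is shorter than its payload. */
static int sum_demo_bytes(struct msghdr *msg, uint64_t *total)
{
    struct cmsghdr *cmsg;
    uint64_t sum = 0;

    for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
        struct demo_args args;
        if (cmsg->cmsg_level != DEMO_LEVEL || cmsg->cmsg_type != DEMO_TYPE)
            continue;
        /* Length check first: cmsg_len comes from the sender. */
        if (cmsg->cmsg_len < CMSG_LEN(sizeof(args)))
            return -1;
        memcpy(&args, CMSG_DATA(cmsg), sizeof(args));
        sum += args.nbytes;
    }
    *total = sum;
    return 0;
}

/* Build one constructed cmsg declaring `declared` payload bytes, then parse it. */
static int run_demo(size_t declared, uint64_t *total)
{
    union { char buf[CMSG_SPACE(sizeof(struct demo_args))]; struct cmsghdr align; } ctl = { .buf = { 0 } };
    struct demo_args args = { .nbytes = 4096, .cookie = 1 };
    struct msghdr msg = { .msg_control = ctl.buf, .msg_controllen = CMSG_SPACE(declared) };
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    if (declared > sizeof(args))
        return -1;
    cmsg->cmsg_level = DEMO_LEVEL;
    cmsg->cmsg_type = DEMO_TYPE;
    cmsg->cmsg_len = CMSG_LEN(declared);
    memcpy(CMSG_DATA(cmsg), &args, declared);
    return sum_demo_bytes(&msg, total);
}

int main(void)
{
    uint64_t total = 0;
    /* Exit 0 when the full message parses and the 4-byte one is rejected. */
    return !(run_demo(sizeof(struct demo_args), &total) == 0 && run_demo(4, &total) == -1);
}
```

Without the `cmsg_len` comparison, the `memcpy` would read `sizeof(struct demo_args)` bytes even when the sender declared only four.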