From: Kees Cook
Date: Wed, 4 Apr 2018 13:32:52 -0700
Subject: Re: usercopy whitelist woe in scsi_sense_cache
To: Oleksandr Natalenko
Cc: David Windsor, "James E.J. Bottomley", "Martin K. Petersen", linux-scsi@vger.kernel.org, LKML
In-Reply-To: <10360653.ov98egbaqx@natalenko.name>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 4, 2018 at 12:07 PM, Oleksandr Natalenko wrote:
> [ 261.262135] Bad or missing usercopy whitelist? Kernel memory exposure
> attempt detected from SLUB object 'scsi_sense_cache' (offset 94, size 22)!
> I can easily reproduce it with a qemu VM and 2 virtual SCSI disks by calling
> smartctl in a loop and doing some usual background I/O. The warning is
> triggered within 3 minutes or so (not instantly).

Also:

Can you send me your .config? What SCSI drivers are you using in the VM
and on the real server?

Are you able to see what ioctl()s smartctl is issuing? I'll try to
reproduce this on my end...

-Kees

-- 
Kees Cook
Pixel Security