stack smashing detected with 'nvme sanitize-log /dev/nvme0'

Keith Busch kbusch at kernel.org
Tue Aug 29 06:29:17 PDT 2023


On Mon, Aug 28, 2023 at 11:20:38AM +0200, Christoph Hellwig wrote:
> On Mon, Aug 21, 2023 at 09:11:38AM -0600, Keith Busch wrote:
> > I don't think we want to bounce to kernel memory for the device to
> > overwrite it. I suggest just changing nvme-cli's stack allocated sanitize
> > log to use a page aligned and sized buffer.
> 
> That assumes it actually overwrites it in that case and doesn't just
> have a PRP parsing bug when there is not enough alignment.
> 
> We should be able to find out by enabling KASAN and then requiring the
> larger alignment before re-running the reproducer.

Good point. I assumed it was a simple buffer overrun regardless of the
starting offset, but bad PRP parsing sounds plausible.

If you don't want to enable a kernel with kasan, we can just align user
space buffers with padding at different offsets and see what happens.
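As an added illustration of the offset-sweep approach suggested above (this is not code from the thread or from nvme-cli): a guard-padded, page-aligned region is handed straight to the device through the admin passthru ioctl, and the guard bytes are inspected afterwards. It assumes a 4 KiB page, the 512-byte Sanitize Status log (LID 0x81), a device path such as /dev/nvme0, and the fill pattern 0xA5 as constructed values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/nvme_ioctl.h>   /* struct nvme_admin_cmd, NVME_IOCTL_ADMIN_CMD */

#define PAGE_SZ 4096   /* assumed page size */
#define LOG_LEN 512    /* NVMe Sanitize Status log page (LID 0x81) is 512 bytes */
#define GUARD   0xA5   /* constructed fill pattern for the padding around the log */

/* Two page-aligned pages of guard bytes; the log is placed at byte `off`, so the
 * same 512 bytes can be tried at any alignment, including across a page edge. */
struct probe { uint8_t *base; size_t off; };

static int probe_init(struct probe *p, size_t off)
{
    if (off + LOG_LEN > 2 * PAGE_SZ) return -1;
    if (posix_memalign((void **)&p->base, PAGE_SZ, 2 * PAGE_SZ)) return -1;
    memset(p->base, GUARD, 2 * PAGE_SZ);
    p->off = off;
    return 0;
}

/* Get Log Page (opcode 0x02) for LID 0x81, written by the device straight into base+off. */
static int probe_run(const struct probe *p, const char *dev)
{
    struct nvme_admin_cmd cmd = {
        .opcode = 0x02, .nsid = 0xffffffff, .data_len = LOG_LEN,
        .addr = (uint64_t)(uintptr_t)(p->base + p->off),
        .cdw10 = 0x81 | ((LOG_LEN / 4 - 1) << 16),   /* LID | NUMDL (0-based dwords) */
    };
    int fd = open(dev, O_RDONLY);
    if (fd < 0) return -1;
    int rc = ioctl(fd, NVME_IOCTL_ADMIN_CMD, &cmd);
    close(fd);
    return rc;
}

/* 0 if every guard byte is intact; otherwise 1 and *where = offset of the first
 * clobbered byte relative to the log start (negative: before it; >= LOG_LEN: past it). */
static int probe_check(const struct probe *p, long *where)
{
    for (size_t i = 0; i < 2 * PAGE_SZ; i++) {
        if (i >= p->off && i < p->off + LOG_LEN) continue;   /* the log itself */
        if (p->base[i] != GUARD) { *where = (long)i - (long)p->off; return 1; }
    }
    return 0;
}
```

Drive it by calling probe_init, probe_run and probe_check once per offset (for example 0, 8, 64, 512, PAGE_SZ - 512 and PAGE_SZ - 8, the last of which makes the log straddle a page boundary). Damage reported at LOG_LEN or beyond at every offset points at the device simply writing past the 512-byte log, while damage that only appears at some alignments, or lands far from the log, points at the PRP handling.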


