Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/jann/statuses/113093516106536707">Jann Horn (jann@infosec.exchange)'s status on Saturday, 07-Sep-2024 09:59:12 JST</a><a href="https://infosec.exchange/@jann" title="jann@infosec.exchange"><img src="https://gnusocial.jp/avatar/171708-48-20230912164339.webp" width="48" height="48" alt="Jann Horn" style="position: absolute; left: 0; top: 0;">Jann Horn</a></section><article><p>I added code to Linux to help KASAN detect specific types of UAFs more reliably (<a href="https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/commit/?h=slab/for-6.12/rcu_barriers&amp;id=b8c8ba73c68bb3c3e9dad22f488b86c540c839f9" rel="nofollow noreferrer">https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/commit/?h=slab/for-6.12/rcu_barriers&amp;id=b8c8ba73c68bb3c3e9dad22f488b86c540c839f9</a>), it's been in the linux-next integration tree for, I don't know, a month or so maybe (though it's not in the mainline tree yet), and still there are zero hits on LKML of bugs caught where the stack trace involves my detection...<br>It's nice that there apparently aren't a lot of easy-to-find bugs of this type around but it's also a little disappointing to not immediately get some nice results from my work...</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3627021#notice-7110512">In conversation</a><time datetime="2024-09-07T09:59:12+09:00" title="Saturday, 07-Sep-2024 09:59:12 JST">about 3 months ago</time> <span>from <span><a href="https://infosec.exchange/@jann/113093516106536707" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@jann/113093516106536707">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: git.kernel.org</div><h5><a href="https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/commit/?h=slab/for-6.12/rcu_barriers&amp;id=b8c8ba73c68bb3c3e9dad22f488b86c540c839f9">slub: Introduce CONFIG_SLUB_RCU_DEBUG - kernel/git/vbabka/slab.git - The slab kernel tree</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Jann Horn (jann@infosec.exchange)'s status on Saturday, 07-Sep-2024 09:59:12 JST Jann Horn
I added code to Linux to help KASAN detect specific types of UAFs more reliably (https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/commit/?h=slab/for-6.12/rcu_barriers&id=b8c8ba73c68bb3c3e9dad22f488b86c540c839f9), it's been in the linux-next integration tree for, I don't know, a month or so maybe (though it's not in the mainline tree yet), and still there are zero hits on LKML of bugs caught where the stack trace involves my detection...
It's nice that there apparently aren't a lot of easy-to-find bugs of this type around but it's also a little disappointing to not immediately get some nice results from my work...
In conversationabout 3 months ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: git.kernel.org
  slub: Introduce CONFIG_SLUB_RCU_DEBUG - kernel/git/vbabka/slab.git - The slab kernel tree

Public

Embed Notice

HTML Code

Corresponding Notice