Ancestors

Written by Stephen Brennan (brenns10@snake.club) on 2024-10-12 at 07:46

lol

[attached media]

Toot

Written by Stephen Brennan (brenns10@snake.club) on 2024-10-12 at 07:48

I'm reading this chapter because it began with this master class of snark that made me say "gosh, maybe I don't know all the basics, I'd better not skip it"

[attached media]

Descendants

Written by ljs (ljs@social.kernel.org) on 2024-10-12 at 07:59

@brenns10 I need to put this in mine

Written by Stephen Brennan (brenns10@snake.club) on 2024-10-12 at 08:01

@ljs you don't want your readers to get too cocky

Written by ljs (ljs@social.kernel.org) on 2024-10-12 at 08:04

@brenns10 lol, the second they hit the anon VMA stuff all such feeling will disappear and be replaced with despair

Written by Jann Horn (jann@infosec.exchange) on 2024-10-12 at 13:01

@ljs @brenns10 there was a fun anon_vma->degree confusion bug that was fixed in 2022, where an assumption in VMA mergeability checks is broken and you can get an anon page mapped in a VMA which is not connected to the page's anon_vma, and that leads to anon_vma UAF

https://project-zero.issues.chromium.org/issues/42451486

Written by Vlastimil Babka (vbabka@social.kernel.org) on 2024-10-12 at 13:17

@jann @ljs @brenns10 my colleague managed to create a livepatch that somehow avoided adding the new fields, and I reviewed it as something that should be working, but have forgotten all the details since ;)

Written by Jann Horn (jann@infosec.exchange) on 2024-10-12 at 13:21

@vbabka @brenns10 @ljs oh yes, this patch was how I learned that security fixes that change struct layouts can be very annoying for people. I didn't know there was a livepatch tho

Written by Jann Horn (jann@infosec.exchange) on 2024-10-12 at 13:19

@ljs @brenns10 one of those bug reports that probably involved me drawing a bunch of possible scenarios on paper...

the reproducer requires five fork() calls, plus some VMA splitting and merging :blob_dizzy_face:

Written by Vlastimil Babka (vbabka@social.kernel.org) on 2024-10-12 at 13:28

@jann @ljs @brenns10 ha, I believe I was discarding these kinds of drawings of my own, among other stuff, just a week ago

Written by ljs (ljs@social.kernel.org) on 2024-10-12 at 15:05

@jann @brenns10 merging is much nicer now due to some genius

Written by ljs (ljs@social.kernel.org) on 2024-10-12 at 15:04

@jann @brenns10 fucking hell Jann, why are you like this

Oh wait, this is like cotton candy for exploit writers, sigh.

Well, at least I didn't take on maintainership responsibility recently... Oh wait, FUCK

Original URL: gemini://mastogem.picasoft.net/thread/113293350126671346