From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg Kroah-Hartman Subject: Re: [PATCH v2] netfilter: properly initialize xt_table_info structure Date: Thu, 31 May 2018 13:23:11 +0200 Message-ID: <20180531112311.GA29517@kroah.com> References: <20180517100908.GA3150@kroah.com> <20180517132012.GA29160@kroah.com> <20180518092756.odlyvxcpgbuistqq@breakpoint.cc> <20180526145449.GA10379@kroah.com> <20180531082436.ffd6gkbuk6xpm47y@breakpoint.cc> <20180531085116.GA17729@kroah.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Florian Westphal , Jan Engelhardt , Eric Dumazet , Greg Hackmann , Pablo Neira Ayuso , Jozsef Kadlecsik , Michal Kubecek , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org To: peter pi Return-path: Content-Disposition: inline In-Reply-To: Sender: netdev-owner@vger.kernel.org List-Id: netfilter-devel.vger.kernel.org On Thu, May 31, 2018 at 05:40:40PM +0800, peter pi wrote: > Hi Greg, > > My test method is very simple: > 1, In copy_to_user, add a function call like my_examine(from, n) to check > every 8 bytes. There is an kernel function called virt_addr_valid which > can check if the value is a address value. > 2, Print a kernel log when there is a leak detected in function my_examine > 3, Run iptables-save or ip6tables-save in shell, it will hit the kernel > code path of the problem > > > Because my test code is specified for Pixel 2, so I think you can write the > test code yourself just about 10 lines code Any chance you can test this on a more modern kernel, like 4.14 or newer on a normal system? thanks, greg k-h