Date: Tue, 23 Jan 2007 22:04:33 -0800
From: Andrew Morton <akpm@...l.org>
To: Sébastien Dugué <sebastien.dugue@...l.net>
Cc: linux-kernel <linux-kernel@...r.kernel.org>, linux-aio <linux-aio@...ck.org>, Bharata B Rao <bharata@...ibm.com>, Christoph Hellwig <hch@...radead.org>, Suparna Bhattacharya <suparna@...ibm.com>, Ulrich Drepper <drepper@...hat.com>, Zach Brown <zach.brown@...cle.com>, Jean Pierre Dion <jean-pierre.dion@...l.net>, Badari Pulavarty <pbadari@...ibm.com>
Subject: Re: [PATCH -mm 5/5][AIO] - Add listio syscall support

On Wed, 17 Jan 2007 10:55:54 +0100 Sébastien Dugué <sebastien.dugue@...l.net> wrote:

> +void lio_check(struct lio_event *lio)
> +{
> + int ret;
> +
> + ret = atomic_dec_and_test(&lio->lio_users);
> +
> + if (unlikely(ret) && lio->lio_notify.notify != SIGEV_NONE) {
> + /* last one -> notify process */
> + if (aio_send_signal(&lio->lio_notify))
> + sigqueue_free(lio->lio_notify.sigq);
> + kfree(lio);
> + }
> +}

That's a scary function. It may (or may not) free the memory at lio, returning no indication to the caller whether or not that memory is still allocated.

This is most peculiar - are you really sure there's no potential for a use-after-free here?

The function is poorly named: I'd expect something called "foo_check" to not have any side-effects. This one has gross side-effects. Want to think up a better name, please?

And given that this function has global scope, perhaps a little explanatory comment is in order?

> +struct lio_event *lio_create(struct sigevent __user *user_event,
> + int mode)

Here too.
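
Review bot: in lio_check(), kfree(lio) sits inside the block guarded by "unlikely(ret) && lio->lio_notify.notify != SIGEV_NONE", so when the last user drops lio_users with notify == SIGEV_NONE the structure is not freed by this function, and since it returns void the caller cannot tell which case it hit. Either free lio whenever atomic_dec_and_test() returns true and restrict only the aio_send_signal() call to the non-SIGEV_NONE case, or state in a comment who performs the final free. Returning the dec-and-test result would also make it explicit to callers that lio must not be touched after the call.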
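
Review bot: lio_create() is declared without static and without a comment in the quoted lines, and it takes a bare "int mode" next to a __user sigevent pointer, so the signature alone does not say which mode values are accepted or who is responsible for freeing the returned lio_event. A short comment above the definition should cover the valid modes, how failure is reported through the returned pointer, and how the object's lifetime relates to lio_check().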