lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 24 Dec 2010 09:14:59 -0800
From:	Greg KH <gregkh@...e.de>
To:	Hillf Danton <dhillf@...il.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fix freeing user_struct in user cache

On Fri, Dec 24, 2010 at 10:24:02PM +0800, Hillf Danton wrote:
> On Fri, Dec 24, 2010 at 11:55 AM, Greg KH <gregkh@...e.de> wrote:
> > On Thu, Dec 23, 2010 at 08:52:34PM +0800, Hillf Danton wrote:
> >> When racing on adding into user cache, the new allocated from mm slab
> >> is freed without putting user namespace.
> >>
> >> Since the user namespace is already operated by getting, putting has
> >> to be issued.
> >>
> >> btw, it could be freed out of lock?
> >>
> >> Signed-off-by: Hillf Danton <dhillf@...il.com>
> >> ---
> >>
> >> --- a/kernel/user.c   2010-11-01 19:54:12.000000000 +0800
> >> +++ b/kernel/user.c   2010-12-23 20:42:00.000000000 +0800
> >> @@ -158,6 +158,7 @@ struct user_struct *alloc_uid(struct use
> >>               spin_lock_irq(&uidhash_lock);
> >>               up = uid_hash_find(uid, hashent);
> >>               if (up) {
> >> +                     put_user_ns(ns);
> >>                       key_put(new->uid_keyring);
> >>                       key_put(new->session_keyring);
> >>                       kmem_cache_free(uid_cachep, new);
> >
> > Hm, are you sure about this?  Also, why send this to me, did I last
> > touch this?
> >
> 
> sure with no doubt.
> 
> I do not know if you touched that last, but I received the following message,
> 
> On Tue, Dec 21, 2010 at 3:42 AM,  <gregkh@...e.de> wrote:
> >
> > This is a note to let you know that I've just added the patch titled
> >
> >    bonding: Fix slave selection bug.
> >
> > to the 2.6.36-stable tree which can be found at:
> >    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> so you were Cced since you charge patch delivered.

That was a stable patch, I send all of those out :)

Use scripts/get_maintainer.pl to determine the best person to send this
patch to (hint, it's not me.)

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ