Date: Thu, 10 Jan 2013 14:15:04 +0800
From: Tang Chen <tangchen@...fujitsu.com>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: rientjes@...gle.com, len.brown@...el.com, benh@...nel.crashing.org, paulus@...ba.org, cl@...ux.com, minchan.kim@...il.com, kosaki.motohiro@...fujitsu.com, isimatu.yasuaki@...fujitsu.com, wujianguo@...wei.com, wency@...fujitsu.com, hpa@...or.com, linfeng@...fujitsu.com, laijs@...fujitsu.com, mgorman@...e.de, yinghai@...nel.org, glommer@...allels.com, x86@...nel.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-acpi@...r.kernel.org, linux-s390@...r.kernel.org, linux-sh@...r.kernel.org, linux-ia64@...r.kernel.org, cmetcalf@...era.com, sparclinux@...r.kernel.org
Subject: Re: [PATCH v6 04/15] memory-hotplug: remove /sys/firmware/memmap/X sysfs

Hi Andrew,

On 01/10/2013 07:19 AM, Andrew Morton wrote:
>> ...
>>
>> + entry = firmware_map_find_entry(start, end - 1, type);
>> + if (!entry)
>> + return -EINVAL;
>> +
>> + firmware_map_remove_entry(entry);
>>
>> ...
>>
>
> The above code looks racy. After firmware_map_find_entry() does the
> spin_unlock() there is nothing to prevent a concurrent
> firmware_map_remove_entry() from removing the entry, so the kernel ends
> up calling firmware_map_remove_entry() twice against the same entry.
>
> An easy fix for this is to hold the spinlock across the entire
> lookup/remove operation.
>
>
> This problem is inherent to firmware_map_find_entry() as you have
> implemented it, so this function simply should not exist in the current
> form - no caller can use it without being buggy! A simple fix for this
> is to remove the spin_lock()/spin_unlock() from
> firmware_map_find_entry() and add locking documentation to
> firmware_map_find_entry(), explaining that the caller must hold
> map_entries_lock and must not release that lock until processing of
> firmware_map_find_entry()'s return value has completed.

Thank you for your advice, I'll fix it soon.

Since you have merged the patch-set, do I need to resend all these patches
again, or just send a patch to fix it based on the current one?

Thanks. :)

>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
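
Review bot: the quoted hunk uses the pointer returned by firmware_map_find_entry() in a later, separate call to firmware_map_remove_entry(entry), so nothing in these lines keeps the entry valid between the two steps; both calls belong under a single hold of map_entries_lock, as the review asks. The "end - 1" argument also deserves a one-line comment at the call site saying that entries are looked up by inclusive end address, and the -EINVAL return for a missing entry should be stated in the function's documentation.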
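
A user-space model of the fix suggested in the review above, added here as an illustration and not taken from the patch or the kernel: the lookup helper takes no lock and documents that its caller must hold map_entries_lock, and removal performs lookup and unlink under one lock hold. The struct layout, the names map_find_slot(), map_add() and map_remove(), and the pthread mutex standing in for the spinlock are assumptions.

```c
/* User-space model with assumed names; a pthread mutex stands in for the spinlock. */
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <string.h>

struct map_entry {
    uint64_t start, end;              /* end is inclusive */
    const char *type;
    struct map_entry *next;
};

static pthread_mutex_t map_entries_lock = PTHREAD_MUTEX_INITIALIZER;
static struct map_entry *map_entries;

/* Locking: caller must hold map_entries_lock until it has finished with
 * the returned slot. This helper takes no lock itself. */
static struct map_entry **map_find_slot(uint64_t start, uint64_t end,
                                        const char *type)
{
    for (struct map_entry **pp = &map_entries; *pp; pp = &(*pp)->next)
        if ((*pp)->start == start && (*pp)->end == end &&
            strcmp((*pp)->type, type) == 0)
            return pp;
    return NULL;
}

static void map_add(struct map_entry *e)
{
    pthread_mutex_lock(&map_entries_lock);
    e->next = map_entries;
    map_entries = e;
    pthread_mutex_unlock(&map_entries_lock);
}

/* Lookup and unlink under one lock hold: a second remover gets -EINVAL. */
static int map_remove(uint64_t start, uint64_t end, const char *type)
{
    struct map_entry **pp;
    int ret = -EINVAL;

    pthread_mutex_lock(&map_entries_lock);
    pp = map_find_slot(start, end - 1, type);
    if (pp) {
        *pp = (*pp)->next;            /* unlink; caller owns the storage */
        ret = 0;
    }
    pthread_mutex_unlock(&map_entries_lock);
    return ret;
}
```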