lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 10 Sep 2013 08:33:33 +0800
From:	Libin <huawei.libin@...wei.com>
To:	Tejun Heo <tj@...nel.org>
CC:	<linux-kernel@...r.kernel.org>, <wangyijing@...wei.com>,
	<guohanjun@...wei.com>
Subject: Re: [PATCH] workqueue: fix potential reentrancy issue

Hello Tejun,
On 2013/9/9 22:14, Tejun Heo wrote:
> On Mon, Sep 09, 2013 at 01:12:14PM +0800, Libin wrote:
>> From: Li Bin <huawei.libin@...wei.com>
>>
>> When one work starts execution, the high bits of work's data contain
>> pool ID. It can represent a maximum of WORK_OFFQ_POOL_NONE. Pool ID
>> is assigned WORK_OFFQ_POOL_NONE when the work being initialized
>> indicating that no pool is associated and get_work_pool() uses it to
>> check the associated pool. So if worker_pool_assign_id() assigns a
>> ID greater than or equal WORK_OFFQ_POOL_NONE to a pool, it may break
>> the non-reentrance guarantee.
>>
>> This patch fix this issue by modifying the worker_pool_assign_id()
>> function to add the WORK_OFFQ_POOL_NONE check condition.
>>
>> Signed-off-by: Li Bin <huawei.libin@...wei.com>
>> ---
>>  kernel/workqueue.c | 11 ++++++++++-
>>  1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/kernel/workqueue.c b/kernel/workqueue.c
>> index 41019b1..97d9ff7 100644
>> --- a/kernel/workqueue.c
>> +++ b/kernel/workqueue.c
>> @@ -518,7 +518,14 @@ static inline void debug_work_activate(struct work_struct *work) { }
>>  static inline void debug_work_deactivate(struct work_struct *work) { }
>>  #endif
>>  
>> -/* allocate ID and assign it to @pool */
>> +/**
>> + * worker_pool_assign_id - allocate ID and assing it to @pool
>> + * @pool: the pool pointer of interest
>> + *
>> + * Return 0 if ID assigned successful.
>> + * Return non-zero if the allocation fails or the ID number out of
>> + * %WORK_OFFQ_POOL_NONE range.
>> + */
>>  static int worker_pool_assign_id(struct worker_pool *pool)
>>  {
>>  	int ret;
>> @@ -526,6 +533,8 @@ static int worker_pool_assign_id(struct worker_pool *pool)
>>  	lockdep_assert_held(&wq_pool_mutex);
>>  
>>  	ret = idr_alloc(&worker_pool_idr, pool, 0, 0, GFP_KERNEL);
>> +	if (ret >= WORK_OFFQ_POOL_NONE)
>> +		return ret;
> 
> Hmmm.... this would leak the allocated ID.  Just setting @end param to
> idr_alloc to WORK_OFFQ_POOL_NONE would work, right?
> 

Yes, I will update it with the last patch.
Thanks!
Libin

> Thanks.
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ