| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Jun 2014 16:25:14 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Ingo Molnar <mingo@...nel.org>,
Clark Williams <williams@...hat.com>,
"Luis Claudio R. Goncalves" <lclaudio@...g.org>
Subject: Re: [BUG] signal: sighand unprotected when accessed by /proc
On Tue, 3 Jun 2014 22:09:38 +0200
Oleg Nesterov <oleg@...hat.com> wrote:
> > Now, if that lock is released and reused (I didn't trace other tasks
> > allocating these locks), it reinitializes the lock->wait_list.
>
> How? From where? This should be done by sighand_ctor() only?
This looks definitely like an -rt only bug and it's an obvious one at
that :-p
Looking in mm/slub.c: slab_alloc_node() we have this:
if (unlikely(gfpflags & __GFP_ZERO) && object)
memset(object, 0, s->object_size);
#ifdef CONFIG_PREEMPT_RT_FULL
if (unlikely(s->ctor) && object)
s->ctor(object);
#endif
slab_post_alloc_hook(s, gfpflags, object);
return object;
}
We call the ctor on the object when it is allocated, not when the page
is created.
Doh! I guess we now know why we shouldn't do that.
-- Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists