| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1154626843.23655.101.camel@localhost.localdomain> Date: Thu, 03 Aug 2006 18:40:42 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: David Miller <davem@...emloft.net> Cc: davej@...hat.com, linux-kernel@...r.kernel.org, jbaron@...hat.com Subject: Re: frequent slab corruption (since a long time) Ar Mer, 2006-08-02 am 15:49 -0700, ysgrifennodd David Miller: > > None of the code manipulating tty->count seems to be under > > the tty_mutex. Should it be ? > > Or is this protected through some other means? > > It is in the primary code paths at least, all callers of init_dev() > (which increments tty->count) grab the mutex and also release_dev() > grabs the mutex around tty->count manipulations. I've been auditing tty code and its joyously bad but only in harmless places so far except for one. init_dev (and caller) relies on tty_mutex to ensure that the driver->ttys list is protected from things going away. release_mem() removes stuff from the said list and frees memory. It is not always called under tty_mutex and that appears very dubious to me at the moment although tty->closing and the BKL *might* be sufficient. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists