lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 28 Oct 2006 14:36:31 +0200
From:	Eric Dumazet <dada1@...mosbay.com>
To:	Evgeniy Polyakov <johnpol@....mipt.ru>
Cc:	David Miller <davem@...emloft.net>,
	Ulrich Drepper <drepper@...hat.com>,
	Andrew Morton <akpm@...l.org>, netdev <netdev@...r.kernel.org>,
	Zach Brown <zach.brown@...cle.com>,
	Christoph Hellwig <hch@...radead.org>,
	Chase Venters <chase.venters@...entec.com>,
	Johann Borck <johann.borck@...sedata.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [take21 1/4] kevent: Core files.

Evgeniy Polyakov a e'crit :
> On Sat, Oct 28, 2006 at 12:28:12PM +0200, Eric Dumazet (dada1@...mosbay.com) wrote:
>>
>> I really dont understand how you manage to queue multiple kevents in the 
>> 'overflow list'. You just queue one kevent at most. What am I missing ?
> 
> There is no overflow list - it is a pointer to the first kevent in the
> ready queue, which was not put into ring buffer. It is an optimisation, 
> which allows to not search for that position each time new event should 
> be placed into the buffer, when it starts to have an empty slot.

This overflow list (you may call it differently, but still it IS a list), is 
not complete. I feel you add it just to make me happy, but I am not (yet :) )

For example, you make no test at kevent_finish_user_complete() time.

Obviously, you can have a dangling pointer, and crash your box in certain 
conditions.

static void kevent_finish_user_complete(struct kevent *k, int deq)
{
	struct kevent_user *u = k->user;
	unsigned long flags;

	if (deq)
		kevent_dequeue(k);

	spin_lock_irqsave(&u->ready_lock, flags);
	if (k->flags & KEVENT_READY) {
+               if (u->overflow_event == k) {
+		/* MUST do something to change u->overflow_kevent */
+		}
		list_del(&k->ready_entry);
		k->flags &= ~KEVENT_READY;
		u->ready_num--;
	}
	spin_unlock_irqrestore(&u->ready_lock, flags);

	kevent_user_put(u);
	call_rcu(&k->rcu_head, kevent_free_rcu);
}

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ