lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 29 Oct 2006 14:46:59 -0500
From:	Trond Myklebust <Trond.Myklebust@...app.com>
To:	Akinobu Mita <akinobu.mita@...il.com>
Cc:	linux-kernel@...r.kernel.org, Andy Adamson <andros@...i.umich.edu>,
	"J. Bruce Fields" <bfields@...i.umich.edu>
Subject: Re: [PATCH] auth_gss: unregister gss_domain when unloading module

On Sun, 2006-10-29 at 03:55 +0900, Akinobu Mita wrote:
> Reloading rpcsec_gss_krb5 or rpcsec_gss_spkm3 hit duplicate
> registration in svcauth_gss_register_pseudoflavor().
> (If DEBUG_PAGEALLOC is enabled, oops will happen at
> auth_domain_put() --> hlist_del() with uninitialized hlist_node)
> 
> svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
> {
> 	...
> 
>         test = auth_domain_lookup(name, &new->h);
>         if (test != &new->h) { /* XXX Duplicate registration? */
>                 auth_domain_put(&new->h);
>                 /* dangling ref-count... */
> 	...
> }
> 
> This patch unregisters gss_domain and free it when unloading
> modules (rpcsec_gss_krb5 or rpcsec_gss_spkm3 module call
> gss_mech_unregister())
> 
> Cc: Andy Adamson <andros@...i.umich.edu>
> Cc: "J. Bruce Fields" <bfields@...i.umich.edu>
> Cc: Trond Myklebust <Trond.Myklebust@...app.com>
> Signed-off-by: Akinobu Mita <akinobu.mita@...il.com>
> 
>  net/sunrpc/auth_gss/gss_mech_switch.c |    4 ++++
>  net/sunrpc/auth_gss/svcauth_gss.c     |    6 +++---
>  2 files changed, 7 insertions(+), 3 deletions(-)
> 
> Index: work-fault-inject/net/sunrpc/auth_gss/gss_mech_switch.c
> ===================================================================
> --- work-fault-inject.orig/net/sunrpc/auth_gss/gss_mech_switch.c
> +++ work-fault-inject/net/sunrpc/auth_gss/gss_mech_switch.c
> @@ -59,7 +59,11 @@ gss_mech_free(struct gss_api_mech *gm)
>  	int i;
>  
>  	for (i = 0; i < gm->gm_pf_num; i++) {
> +		struct auth_domain *dom;
> +
>  		pf = &gm->gm_pfs[i];
> +		dom = auth_domain_find(pf->auth_domain_name);
> +		auth_domain_put(dom);

Since auth_domain_find() takes a reference on "dom", and
auth_domain_put() releases it, won't this just be a no-op?

>  		kfree(pf->auth_domain_name);
>  		pf->auth_domain_name = NULL;
>  	}
> Index: work-fault-inject/net/sunrpc/auth_gss/svcauth_gss.c
> ===================================================================
> --- work-fault-inject.orig/net/sunrpc/auth_gss/svcauth_gss.c
> +++ work-fault-inject/net/sunrpc/auth_gss/svcauth_gss.c
> @@ -765,9 +765,9 @@ svcauth_gss_register_pseudoflavor(u32 ps
>  
>  	test = auth_domain_lookup(name, &new->h);
>  	if (test != &new->h) { /* XXX Duplicate registration? */
> -		auth_domain_put(&new->h);
> -		/* dangling ref-count... */
> -		goto out;
> +		WARN_ON(1);
> +		kfree(new->h.name);
> +		goto out_free_dom;
>  	}
>  	return 0;
>  

Cheers,
  Trond
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ