lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1213127909.20459.48.camel@localhost>
Date:	Tue, 10 Jun 2008 15:58:29 -0400
From:	Trond Myklebust <trond.myklebust@....uio.no>
To:	Jeff Layton <jlayton@...hat.com>
Cc:	Daniel J Blueman <daniel.blueman@...il.com>,
	linux-nfs@...r.kernel.org, nfsv4@...ux-nfs.org,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [2.6.26-rc4] mount.nfsv4/memory poisoning issues...

On Tue, 2008-06-10 at 15:13 -0400, Jeff Layton wrote:

> I think you're basically correct, but it looks to me like the
> nfs_callback_mutex actually protects nfs_callback_info.task as well.
> 
> If we're starting the thread, then we can't call kthread_stop on it
> until we release the mutex. So the thread can't exit until we release
> the mutex, and we can be guaranteed that this:
> 
>      nfs_callback_info.task = NULL;
> 
> ...can't happen until after kthread_run returns and nfs_callback_up
> sets it.
> 
> If that's right, then maybe this (untested, RFC only) patch would make sense?

Hmm... I suppose that is correct, but what if nfs_alloc_client() does

	nfs_callback_up();
	<kstrdup() fails>
	nfs_callback_down();

AFAICS, if nfs_callback_down() gets called before the kthread() function
gets scheduled back in, then you can get left with a value of
nfs_callback_info.task != NULL, since nfs_callback_svc() will never be
called.

Wouldn't it therefore make more sense to clear nfs_callback_info.task in
nfs_callback_down()?

Cheers
  Trond

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ