lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.1.10.0808030006040.2294@titan.stealer.net>
Date:	Sun, 3 Aug 2008 00:27:39 +0200 (CEST)
From:	Sven Wegener <sven.wegener@...aler.net>
To:	Oliver Pinter <pinter.oliver.villany@...il.com>
cc:	Oleg Nesterov <oleg@...sign.ru>, linux-kernel@...r.kernel.org,
	w@....eu, Roland McGrath <roland@...hat.com>,
	john stultz <johnstul@...ibm.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Roland McGrath <roland@...hat.com>,
	Oliver Pinter <oliver.pntr@...il.com>
Subject: Re: [RFC, 2.6.26.2-rc1] posix timers: release_posix_timer: kill the
 bogus put_task_struct(->it_process)

On Sat, 2 Aug 2008, Oliver Pinter wrote:

> It is an RFC for sending this patch for stable, when this patch needed, then send ACK and CC stable,
> if not then send NAK.

I'd say big NAK. Have you ever looked at the full commit message and patch 
at all? It says "release_posix_timer() can't be called with ->it_process 
!= NULL.". Point. The rest is the explanation why this can't happen. And 
looking at the patch, we see that it just removes code that actually never 
gets executed under the mentioned preconditions. It's a pure cleanup patch 
and doesn't qualify for -stable. Same goes for the other posix timer patch 
you mailed out.

> ---
> From 96347e7759e2e433c427defa0fa1adfc8cce6226 Mon Sep 17 00:00:00 2001
> From: Oleg Nesterov <oleg@...sign.ru>
> Date: Fri, 25 Jul 2008 01:47:27 -0700
> Subject: [PATCH] posix timers: release_posix_timer: kill the bogus put_task_struct(->it_process);
> 
> [ Upstream commit 96347e7759e2e433c427defa0fa1adfc8cce6226 ]
> 
> release_posix_timer() can't be called with ->it_process != NULL.  Once
> sys_timer_create() sets ->it_process it must not call
> release_posix_timer(), otherwise we can race with another thread doing
> sys_timer_delete(), this timer is visible to idr_find() and unlocked.
> 
> The same is true for two other callers (actually, for any possible
> caller), sys_timer_delete() and itimer_delete().  They must clear
> ->it_process before unlock_timer() + release_posix_timer().
> 
> Signed-off-by: Oleg Nesterov <oleg@...sign.ru>
> Acked-by: Roland McGrath <roland@...hat.com>
> Cc: john stultz <johnstul@...ibm.com>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Roland McGrath <roland@...hat.com>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
> CC: Oliver Pinter <oliver.pntr@...il.com>
> 
> diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
> index 17f5326..9a21681 100644
> --- a/kernel/posix-timers.c
> +++ b/kernel/posix-timers.c
> @@ -449,9 +449,6 @@ static void release_posix_timer(struct k_itimer *tmr, int it_id_set)
>  		spin_unlock_irqrestore(&idr_lock, flags);
>  	}
>  	sigqueue_free(tmr->sigq);
> -	if (unlikely(tmr->it_process) &&
> -	    tmr->it_sigev_notify == (SIGEV_SIGNAL|SIGEV_THREAD_ID))
> -		put_task_struct(tmr->it_process);
>  	kmem_cache_free(posix_timers_cache, tmr);
>  }
>  
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ