lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20081016161145.58bbe635.akpm@linux-foundation.org>
Date:	Thu, 16 Oct 2008 16:11:45 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Dean Nelson <dcn@....com>
Cc:	mingo@...e.hu, linux-kernel@...r.kernel.org, stable@...nel.org
Subject: Re: [PATCH] NULL struct irq_desc's member 'name' in
 dynamic_irq_cleanup()

On Thu, 16 Oct 2008 07:58:08 -0500
Dean Nelson <dcn@....com> wrote:

> If the member 'name' of the irq_desc structure happens to point to a character
> string that is resident within a kernel module, problems insue if that module
> is rmmod'd (at which time dynamic_irq_cleanup() is called) and then later
> show_interrupts() is called by someone.

It would be nice to spell out what the "problems" are.

> It is also not a good thing if the
> character string resided in kmalloc'd space that has been kfree'd (after
> having called dynamic_irq_cleanup()). dynamic_irq_cleanup() fails to NULL
> the 'name' member and show_interrupts() references it on a few architectures
> (like h8300, sh and x86).
> 
> Signed-off-by: Dean Nelson <dcn@....com>
> 
> ---
> 
>  kernel/irq/chip.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> Index: linux/kernel/irq/chip.c
> ===================================================================
> --- linux.orig/kernel/irq/chip.c	2008-10-15 07:44:31.000000000 -0500
> +++ linux/kernel/irq/chip.c	2008-10-16 06:55:56.000000000 -0500
> @@ -79,6 +79,7 @@ void dynamic_irq_cleanup(unsigned int ir
>  	desc->chip_data = NULL;
>  	desc->handle_irq = handle_bad_irq;
>  	desc->chip = &no_irq_chip;
> +	desc->name = NULL;
>  	spin_unlock_irqrestore(&desc->lock, flags);
>  }
>  

Because we should work out whether this should be backported into
-stable.  And if so, how far back it should go.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ