lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <m14ojtogt6.fsf@fess.ebiederm.org>
Date:	Fri, 02 Apr 2010 11:22:29 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Oleg Nesterov <oleg@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Alan Cox <alan@...ux.intel.com>, Greg KH <greg@...ah.com>,
	Catalin Marinas <catalin.marinas@....com>,
	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Serge Hallyn <serue@...ibm.com>,
	Sukadev Bhattiprolu <sukadev@...ibm.com>, stable@...nel.org
Subject: Re: [PATCH 1/1] tty: release_one_tty() forgets to put pids

Linus Torvalds <torvalds@...ux-foundation.org> writes:

> On Fri, 2 Apr 2010, Oleg Nesterov wrote:
>>
>> release_one_tty(tty) can be called when tty still has a reference
>> to pgrp/session. In this case we leak the pid.
>
> Hmm. Maybe we should have cleared this in tty_release() already. We 
> already do some of the session clearing there (but we clear the session in 
> the _tasks_ associated with the tty, not the tty session pointer).
>
> But:
>
>> The patch needs the ack from someone who understand tty magic.
>
> I think the patch is simpler than worrying about the much more complex 
> release logic. So I think I actually prefer this patch over something that 
> tries to be clever in tty_release.
>
> We might even push it into "free_tty_struct()", although I think that the 
> only non-release_one_tty() callers of that are the ones that allocated the 
> tty but due to some failure never connected it to anything. So on the 
> whole I think you picked the right spot.
>
> So I'll ACK it. But maybe Alan sees some problem/issue I didn't see.

I agree.   However we made it to release_one_tty with pids we need
to free them, before we free the tty structure itself.

My general paranoia would suggest setting the pids to NULL.  So that
we don't have the chance of a use after free.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ