lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100521162659.GA16193@redhat.com>
Date:	Fri, 21 May 2010 18:26:59 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Mike Frysinger <vapier@...too.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-sh@...r.kernel.org, Paul Mundt <lethal@...ux-sh.org>,
	uclinux-dist-devel@...ckfin.uclinux.org,
	linux-kernel@...r.kernel.org, David Howells <dhowells@...hat.com>,
	Roland McGrath <roland@...hat.com>
Subject: Re: [PATCH v2] ptrace: unify FDPIC implementations

On 05/21, Mike Frysinger wrote:
>
> The Blackfin/FRV/SuperH guys all have the same exact FDPIC ptrace code in
> their arch handlers (since they were probably copied & pasted).  Since
> these ptrace interfaces are an arch independent aspect of the FDPIC code,
> unify them in the common ptrace code so new FDPIC ports don't need to copy
> and paste this fundamental stuff yet again.
>
> Signed-off-by: Mike Frysinger <vapier@...too.org>
> Acked-by: Roland McGrath <roland@...hat.com>
> Acked-by: David Howells <dhowells@...hat.com>
> Acked-by: Paul Mundt <lethal@...ux-sh.org>

I think the patch is nice too.

But,

> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -596,6 +596,26 @@ int ptrace_request(struct task_struct *child, long request,
>  		ret = ptrace_detach(child, data);
>  		break;
>
> +#ifdef CONFIG_BINFMT_ELF_FDPIC
> +	case PTRACE_GETFDPIC: {
> +		unsigned long tmp = 0;
> +
> +		switch (addr) {
> +		case PTRACE_GETFDPIC_EXEC:
> +			tmp = child->mm->context.exec_fdpic_loadmap;
> +			break;
> +		case PTRACE_GETFDPIC_INTERP:
> +			tmp = child->mm->context.interp_fdpic_loadmap;

This looks unsafe. What protect child->mm if ptrace() races with SIGKILL ?

Of course, I do not blame this patch, the code was copied from arch/, but
I think we need another patch which checks ->mm != NULL under task_lock()
on top of this one?

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ