lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTi=PwGXTKKyXDA1sckosbGmeo+D0bGuXt3Jb-ttc@mail.gmail.com>
Date:	Fri, 24 Dec 2010 22:24:02 +0800
From:	Hillf Danton <dhillf@...il.com>
To:	Greg KH <gregkh@...e.de>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fix freeing user_struct in user cache

On Fri, Dec 24, 2010 at 11:55 AM, Greg KH <gregkh@...e.de> wrote:
> On Thu, Dec 23, 2010 at 08:52:34PM +0800, Hillf Danton wrote:
>> When racing on adding into user cache, the new allocated from mm slab
>> is freed without putting user namespace.
>>
>> Since the user namespace is already operated by getting, putting has
>> to be issued.
>>
>> btw, it could be freed out of lock?
>>
>> Signed-off-by: Hillf Danton <dhillf@...il.com>
>> ---
>>
>> --- a/kernel/user.c   2010-11-01 19:54:12.000000000 +0800
>> +++ b/kernel/user.c   2010-12-23 20:42:00.000000000 +0800
>> @@ -158,6 +158,7 @@ struct user_struct *alloc_uid(struct use
>>               spin_lock_irq(&uidhash_lock);
>>               up = uid_hash_find(uid, hashent);
>>               if (up) {
>> +                     put_user_ns(ns);
>>                       key_put(new->uid_keyring);
>>                       key_put(new->session_keyring);
>>                       kmem_cache_free(uid_cachep, new);
>
> Hm, are you sure about this?  Also, why send this to me, did I last
> touch this?
>

sure with no doubt.

I do not know if you touched that last, but I received the following message,

On Tue, Dec 21, 2010 at 3:42 AM,  <gregkh@...e.de> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
>    bonding: Fix slave selection bug.
>
> to the 2.6.36-stable tree which can be found at:
>    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

so you were Cced since you charge patch delivered.

Cheers

Hillf

> confused,
>
> greg k-h
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ