lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 12 Jul 2011 07:55:58 +0200
From:	Bart Van Assche <bvanassche@....org>
To:	Jim Cromie <jim.cromie@...il.com>
Cc:	jbaron@...hat.com, linux-kernel@...r.kernel.org, joe@...ches.com,
	gregkh@...e.de, gnb@...h.org
Subject: Re: [PATCH 09/21] dynamic_debug: save_pending() saves non-matching
 queries for later.

On Mon, Jul 11, 2011 at 9:46 AM, Jim Cromie <jim.cromie@...il.com> wrote:
> +/* copy query off stack, save flags & mask, and store in pending-list */
> +static int ddebug_save_pending(struct ddebug_query *query,
> +                               unsigned int flags, unsigned int mask)
> +{
> +       struct pending_query *pq;
> +
> +       if (verbose)
> +               pr_info("add to pending: %s\n", show_ddebug_query(query));
> +
> +       pending_ct++;
> +       pq = kzalloc(sizeof(struct pending_query), GFP_KERNEL);
> +       if (pq == NULL)
> +               return -ENOMEM;
> +
> +       /* copy non-null match-specs into allocd mem, update pointers */
> +       if (query->module)
> +               pq->query.module = strcpy(pq->module, query->module);
> +       if (query->function)
> +               pq->query.function = strcpy(pq->function, query->function);
> +       if (query->filename)
> +               pq->query.filename = strcpy(pq->filename, query->filename);
> +       if (query->format)
> +               pq->query.format = strcpy(pq->format, query->format);
> +
> +       pq->flags = flags;
> +       pq->mask = mask;
> +
> +       mutex_lock(&ddebug_lock);
> +       list_add(&pq->link, &pending_queries);
> +       mutex_unlock(&ddebug_lock);
> +
> +       if (verbose)
> +               pr_info("query saved as pending %d\n", pending_ct);
> +       return 0;
> +}

As I wrote before, manipulating pending_ct without protecting it by
any kind of locking is racy.

Bart.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ