Date:	Tue, 9 Aug 2011 10:43:23 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Vincent Palatin <vpalatin@...omium.org>
Cc:	Oliver Neukum <oliver@...kum.name>,
	Greg Kroah-Hartman <gregkh@...e.de>, linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] USB: cdc-acm: fix possible null pointer in
 acm_tty_hangup

On Mon,  8 Aug 2011 15:38:20 -0700
Vincent Palatin <vpalatin@...omium.org> wrote:

> Sometimes, acm_tty_hangup and acm_tty_close are called concurrently.
> This results in acm pointer being null in acm_tty_hangup and panics when
> it is dereferenced.

This is definitely not the way to attack the problem.

The tty port hangup and close logic will do all the needed locking and do
it right. The big problem here is touching tty->driver_data. If you have
a block of memory that is tied to the tty object lifetime it needs to get
destroyed when the tty object is destroyed not as close/hangup or you
still leave races.

Take a look at

	tty_port_close
	tty_port_hangup

and in particular for port internal synchronization of open/close/hangup
once only events at

	port->ops->activate
	port->ops->shutdown
	port->ops->destruct

and for a tty lifetime object

	tty->ops->shutdown

Alan
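
The lifetime rule described in the message above, as an added example that is not part of the original post or of the kernel source: a user-space C model in which driver state is freed only from a destruct callback run when the last reference is dropped, never from close or hangup. All names (acm_model, port_get, port_put, hangup_racing_close) are hypothetical, and the close/hangup overlap is replayed sequentially rather than with real threads.

```c
/* User-space model, not kernel code; every name here is hypothetical. */
#include <stdlib.h>

struct port;
struct port_ops { void (*destruct)(struct port *); };
struct port { int refs; int open; const struct port_ops *ops; };
struct acm_model { struct port port; int ctrl_lines; }; /* port is first */
static int destruct_calls;

/* Runs once, when the last reference is dropped: the only place that frees. */
static void acm_model_destruct(struct port *p)
{
    destruct_calls++;
    free(p); /* same address as the enclosing acm_model */
}
static const struct port_ops acm_model_ops = { acm_model_destruct };

static struct port *port_get(struct port *p) { p->refs++; return p; }
static void port_put(struct port *p) { if (--p->refs == 0) p->ops->destruct(p); }

static struct acm_model *acm_model_open(void)
{
    struct acm_model *a = calloc(1, sizeof(*a));
    if (!a) return NULL;
    a->port.refs = 1;              /* reference held by the tty object */
    a->port.open = 1;
    a->port.ops = &acm_model_ops;
    a->ctrl_lines = 3;             /* constructed sample state */
    return a;
}

/* close quiesces the port; it neither frees nor clears the driver state. */
static void acm_model_close(struct acm_model *a) { a->port.open = 0; }

/* Replays the reported interleaving: close lands in the middle of hangup.
 * Returns 0 if hangup saw live memory and the free happened exactly once. */
static int hangup_racing_close(void)
{
    struct acm_model *a = acm_model_open();
    if (!a) return -1;
    destruct_calls = 0;
    struct port *p = port_get(&a->port);  /* hangup pins the object */
    acm_model_close(a);                   /* close runs in between */
    int live = destruct_calls == 0 && a->ctrl_lines == 3;
    port_put(p);                          /* hangup finished */
    port_put(&a->port);                   /* tty object destroyed */
    return (live && destruct_calls == 1) ? 0 : 1;
}

int main(void) { return hangup_racing_close(); }
```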