lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 8 Oct 2012 12:52:07 -0700
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	Fengguang Wu <fengguang.wu@...el.com>
Cc:	Aristeu Rozanski <aris@...hat.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: cgroup.h:566 suspicious rcu_dereference_check() usage!

On Sat, Oct 06, 2012 at 09:16:07PM +0800, Fengguang Wu wrote:
> Hi Aristeu,
> 
> I got the below warning in linus/master and linux-next, and it's
> bisected down to:

Cristian Rodríguez reported what looks like the same bug.  Does the
patch below fix it?

							Thanx, Paul

------------------------------------------------------------------------

device_cgroup: Restore rcu_read_lock() protection to devcgroup_inode_mknod()

Commit ad676077 (device_cgroup: convert device_cgroup internally to
policy + exceptions) restructured devcgroup_inode_mknod(), removing
rcu_read_lock() in the process.  However, RCU read-side protection
is required by the call to task_devcgroup(), so this commit restores
the rcu_read_lock() and rcu_read_unlock().

Reported-by: Cristian Rodríguez <crrodriguez@...nsuse.org>
Reported-by: Fengguang Wu <fengguang.wu@...el.com>
Signed-off-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>

diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 44dfc41..c686110 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -576,9 +576,12 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
 
 int devcgroup_inode_mknod(int mode, dev_t dev)
 {
-	struct dev_cgroup *dev_cgroup = task_devcgroup(current);
+	struct dev_cgroup *dev_cgroup;
+	int ret;
 	short type;
 
+	rcu_read_lock();
+	dev_cgroup = task_devcgroup(current);
 	if (!S_ISBLK(mode) && !S_ISCHR(mode))
 		return 0;
 
@@ -587,7 +590,9 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
 	else
 		type = DEV_CHAR;
 
-	return __devcgroup_check_permission(dev_cgroup, type, MAJOR(dev),
+	ret =  __devcgroup_check_permission(dev_cgroup, type, MAJOR(dev),
 					    MINOR(dev), ACC_MKNOD);
+	rcu_read_unlock();
+	return ret;
 
 }

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists