Message-Id: <1357552816-6046-1-git-send-email-Julia.Lawall@lip6.fr>
Date:	Mon,  7 Jan 2013 11:00:14 +0100
From:	Julia Lawall <Julia.Lawall@...6.fr>
To:	linux-kernel@...r.kernel.org
Cc:	kernel-janitors@...r.kernel.org
Subject: [PATCH 0/2] reposition free_irq to avoid access to invalid data

The data referenced by an interrupt handler should not be freed before the
interrupt is ended.

The semantic match that finds this problem is as follows
(http://coccinelle.lip6.fr/).  The basic idea behind this semantic match is
to find cases where the order of the call to free_irq is different than its
order in some error-handling code.  This semantic match, however, has a
high rate of false positives, because most of the time the order doesn't
seem to matter.

// <smpl>
@fn exists@
expression list es;
expression a,b;
identifier f;
@@

if (...) {
  ... when any
  free_irq(a,b);
  ... when any
  f(es);
  ... when any
  return ...;
}

@@
expression list fn.es;
expression fn.a,fn.b;
identifier fn.f;
@@

*f(es);
... when any
*free_irq(a,b);
// </smpl>
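
The window that the repositioning closes, shown as an added example (not code from this patch series or from the kernel): a userspace model in which mock_request_irq, mock_free_irq, mock_release, demo_isr and device_raises_irq are constructed stand-ins, and a cleared "live" flag stands in for freed memory so the stale access can be counted instead of executed.

```c
/* Userspace model, constructed for illustration; the mock_* names are not kernel API. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct dev_data { bool live; int events; };  /* live == false models freed memory */
typedef void (*handler_t)(void *);

static handler_t irq_handler;  /* registered handler, NULL after mock_free_irq() */
static void *irq_cookie;       /* dev_id handed back to the handler */
static int stale_accesses;     /* handler runs that reached released data */

static void demo_isr(void *cookie)
{
    struct dev_data *d = cookie;
    if (!d->live) { stale_accesses++; return; }  /* in a driver: use-after-free */
    d->events++;
}

static void mock_request_irq(handler_t h, void *c) { irq_handler = h; irq_cookie = c; }
static void mock_free_irq(void) { irq_handler = NULL; irq_cookie = NULL; }
static void mock_release(struct dev_data *d) { d->live = false; }  /* stands in for kfree() */
static void device_raises_irq(void) { if (irq_handler) irq_handler(irq_cookie); }

/* Order the semantic match flags: data released while the handler is still registered. */
static int teardown_release_first(void)
{
    struct dev_data d = { .live = true };
    stale_accesses = 0;
    mock_request_irq(demo_isr, &d);
    mock_release(&d);
    device_raises_irq();   /* interrupt arrives inside the window */
    mock_free_irq();
    return stale_accesses;
}

/* Repositioned order: handler unregistered first, so a late interrupt finds nothing to run. */
static int teardown_free_irq_first(void)
{
    struct dev_data d = { .live = true };
    stale_accesses = 0;
    mock_request_irq(demo_isr, &d);
    mock_free_irq();
    device_raises_irq();   /* same late interrupt, no handler left */
    mock_release(&d);
    return stale_accesses;
}

int main(void) { printf("%d %d\n", teardown_release_first(), teardown_free_irq_first()); return 0; }
```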
