| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5148CA11.3010106@izyk.ru> Date: Wed, 20 Mar 2013 00:26:57 +0400 From: Ilya Zykov <linux@...k.ru> To: Peter Hurley <peter@...leysoftware.com> CC: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jiri Slaby <jslaby@...e.cz>, linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org Subject: Re: [PATCH 6/7] n_tty: Fix unsafe update of available buffer space On 19.03.2013 18:26, Peter Hurley wrote: > receive_room is used to control the amount of data the flip > buffer work can push to the read buffer. This update is unsafe: > > CPU 0 | CPU 1 > | > | n_tty_read() > | n_tty_set_room() > | left = <calc of space> > n_tty_receive_buf() | > <push data to buffer> | > n_tty_set_room() | > left = <calc of space> | > tty->receive_room = left | > | tty->receive_room = left > > receive_room is now updated with a stale calculation of the > available buffer space, and the subsequent work loop will likely > overwrite unread data in the input buffer. > Sounds reasonable to me. Thank you. Ilya Zykov <linux@...k.ru> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists