lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130402195303.GB5703@thunk.org>
Date:	Tue, 2 Apr 2013 15:53:03 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Kent Overstreet <koverstreet@...gle.com>
Cc:	linux-kernel@...r.kernel.org, linux-aio@...ck.org,
	akpm@...ux-foundation.org, Zach Brown <zab@...hat.com>,
	Felipe Balbi <balbi@...com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Mark Fasheh <mfasheh@...e.com>,
	Joel Becker <jlbec@...lplan.org>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Jens Axboe <axboe@...nel.dk>,
	Asai Thambi S P <asamymuthupa@...ron.com>,
	Selvan Mani <smani@...ron.com>,
	Sam Bradshaw <sbradshaw@...ron.com>,
	Jeff Moyer <jmoyer@...hat.com>,
	Al Viro <viro@...iv.linux.org.uk>,
	Benjamin LaHaise <bcrl@...ck.org>,
	Minchan Kim <minchan@...nel.org>
Subject: Re: [PATCH 30/33] block, aio: batch completion for bios/kiocbs

On Thu, Mar 21, 2013 at 09:35:51AM -0700, Kent Overstreet wrote:
> +		if (unlikely(req->ki_eventfd != eventfd)) {
> +			if (eventfd) {
> +				/* Make event visible */
> +				kioctx_ring_unlock(ctx, tail);
> +				ctx = NULL;
> +
> +				eventfd_signal(eventfd, 1);
> +				eventfd_ctx_put(eventfd);
> +			}

I just noticed something else.  There's a ring unlock here().... but
there isn't a matching ring_lock(), or an exit from the function.
Since you've set the ctx to be NULL, then subsequently, aren't we
going to crash at the subseqent kioctx_ring_unlock() below....

> +
> +			eventfd = req->ki_eventfd;
> +			req->ki_eventfd = NULL;
> +		}
> +
> +		if (unlikely(req->ki_ctx != ctx)) {
> +			kioctx_ring_unlock(ctx, tail);
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

(Or the kioctx_ring_unlock() at the end of this function after the
while loop terminates.)

						- Ted

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ