lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 9 Sep 2013 10:14:30 -0400
From:	Tejun Heo <tj@...nel.org>
To:	Libin <huawei.libin@...wei.com>
Cc:	linux-kernel@...r.kernel.org, wangyijing@...wei.com,
	guohanjun@...wei.com
Subject: Re: [PATCH] workqueue: fix potential reentrancy issue

On Mon, Sep 09, 2013 at 01:12:14PM +0800, Libin wrote:
> From: Li Bin <huawei.libin@...wei.com>
> 
> When one work starts execution, the high bits of work's data contain
> pool ID. It can represent a maximum of WORK_OFFQ_POOL_NONE. Pool ID
> is assigned WORK_OFFQ_POOL_NONE when the work being initialized
> indicating that no pool is associated and get_work_pool() uses it to
> check the associated pool. So if worker_pool_assign_id() assigns a
> ID greater than or equal WORK_OFFQ_POOL_NONE to a pool, it may break
> the non-reentrance guarantee.
> 
> This patch fix this issue by modifying the worker_pool_assign_id()
> function to add the WORK_OFFQ_POOL_NONE check condition.
> 
> Signed-off-by: Li Bin <huawei.libin@...wei.com>
> ---
>  kernel/workqueue.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/workqueue.c b/kernel/workqueue.c
> index 41019b1..97d9ff7 100644
> --- a/kernel/workqueue.c
> +++ b/kernel/workqueue.c
> @@ -518,7 +518,14 @@ static inline void debug_work_activate(struct work_struct *work) { }
>  static inline void debug_work_deactivate(struct work_struct *work) { }
>  #endif
>  
> -/* allocate ID and assign it to @pool */
> +/**
> + * worker_pool_assign_id - allocate ID and assing it to @pool
> + * @pool: the pool pointer of interest
> + *
> + * Return 0 if ID assigned successful.
> + * Return non-zero if the allocation fails or the ID number out of
> + * %WORK_OFFQ_POOL_NONE range.
> + */
>  static int worker_pool_assign_id(struct worker_pool *pool)
>  {
>  	int ret;
> @@ -526,6 +533,8 @@ static int worker_pool_assign_id(struct worker_pool *pool)
>  	lockdep_assert_held(&wq_pool_mutex);
>  
>  	ret = idr_alloc(&worker_pool_idr, pool, 0, 0, GFP_KERNEL);
> +	if (ret >= WORK_OFFQ_POOL_NONE)
> +		return ret;

Hmmm.... this would leak the allocated ID.  Just setting @end param to
idr_alloc to WORK_OFFQ_POOL_NONE would work, right?

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ