lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Sep 2013 13:12:14 +0800 From: Libin <huawei.libin@...wei.com> To: <tj@...nel.org> CC: <linux-kernel@...r.kernel.org>, <wangyijing@...wei.com>, <guohanjun@...wei.com>, <huawei.libin@...wei.com> Subject: [PATCH] workqueue: fix potential reentrancy issue From: Li Bin <huawei.libin@...wei.com> When one work starts execution, the high bits of work's data contain pool ID. It can represent a maximum of WORK_OFFQ_POOL_NONE. Pool ID is assigned WORK_OFFQ_POOL_NONE when the work being initialized indicating that no pool is associated and get_work_pool() uses it to check the associated pool. So if worker_pool_assign_id() assigns a ID greater than or equal WORK_OFFQ_POOL_NONE to a pool, it may break the non-reentrance guarantee. This patch fix this issue by modifying the worker_pool_assign_id() function to add the WORK_OFFQ_POOL_NONE check condition. Signed-off-by: Li Bin <huawei.libin@...wei.com> --- kernel/workqueue.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 41019b1..97d9ff7 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -518,7 +518,14 @@ static inline void debug_work_activate(struct work_struct *work) { } static inline void debug_work_deactivate(struct work_struct *work) { } #endif -/* allocate ID and assign it to @pool */ +/** + * worker_pool_assign_id - allocate ID and assing it to @pool + * @pool: the pool pointer of interest + * + * Return 0 if ID assigned successful. + * Return non-zero if the allocation fails or the ID number out of + * %WORK_OFFQ_POOL_NONE range. + */ static int worker_pool_assign_id(struct worker_pool *pool) { int ret; @@ -526,6 +533,8 @@ static int worker_pool_assign_id(struct worker_pool *pool) lockdep_assert_held(&wq_pool_mutex); ret = idr_alloc(&worker_pool_idr, pool, 0, 0, GFP_KERNEL); + if (ret >= WORK_OFFQ_POOL_NONE) + return ret; if (ret >= 0) { pool->id = ret; return 0; -- 1.8.2.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists