Message-ID: <5241522D.10008@colorfullife.com>
Date: Tue, 24 Sep 2013 10:49:49 +0200
From: Manfred Spraul <manfred@...orfullife.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
CC: Davidlohr Bueso <davidlohr@...com>,
Eric Paris <eparis@...isplace.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Rik van Riel <riel@...hat.com>,
Mike Galbraith <efault@....de>,
Sedat Dilek <sedat.dilek@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Stephen Smalley <sds@...ho.nsa.gov>,
James Morris <james.l.morris@...cle.com>,
LSM List <linux-security-module@...r.kernel.org>,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH 0/4] ipc: shm and msg fixes
Hi Linus,
On 09/24/2013 03:22 AM, Linus Torvalds wrote:
> On Mon, Sep 23, 2013 at 5:04 PM, Davidlohr Bueso <davidlohr@...com> wrote:
>> Ok, so here's the code - again I've tested it with LTP on the resources
>> I have.
> This looks good to me.
>
> Manfred, mind giving this a look-over and see if this resolves your
> race concerns too?
All race concerns with regards to code outside ipc are resolved.
My current list of open issues:
https://bugzilla.kernel.org/show_bug.cgi?id=61351
Fix is in mm tree (ipc-semc-fix-race-in-sem_lock.patch)
https://bugzilla.kernel.org/show_bug.cgi?id=61321
https://bugzilla.kernel.org/show_bug.cgi?id=61331
https://bugzilla.kernel.org/show_bug.cgi?id=61341
All 3 are fixed by Davidlohr's patch
https://bugzilla.kernel.org/show_bug.cgi?id=61361
https://bugzilla.kernel.org/show_bug.cgi?id=61371
Both still open. The fix is trivial:
Sprinkle a fair amount of "if (perm.deleted) return -EIDRM;" after
ipc_lock.
And now new:
1) ipc/namespace.c:
free_ipcs() still assumes the "old style" free calls:
rcu_lock and ipc_lock dropped within the callback.
freeary() was converted - but free_ipcs was not updated.
Thus:
Closing a namespace with sem arrays and threads that are waiting on
the array with semtimedop() and bad timing can deadlock the semtimedop
thread.
(i.e.: spin_lock() waiting forever).
2) ipc/sem.c:
The proc interface calls ipc_lock() directly - thus the exclusion
of simple semops is missing with sysvipc_sem_proc_show().
A "sem_wait_array()" might be added as the first line into
sysvipc_sem_proc_show().
It's more a correctness thing: Nothing breaks if get_semotime() is
called in parallel with simple ops.
3) The missing update of sem_otime for simple ops that Jia He found
http://marc.info/?l=linux-kernel&m=137981594522009&w=2
--
Manfred
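The re-check Manfred proposes for the two still-open bugs ("if (perm.deleted) return -EIDRM;" after ipc_lock), shown as an added example that is not part of this thread or of the kernel's own code. It is a single-threaded userspace C model that replays the losing interleaving deterministically: thread A looks the object up without holding its lock, IPC_RMID from thread B marks it deleted in between, then A takes the lock. The struct layout, the fixed-size table, the flag-based lock and the names ipc_obtain_object/ipc_rmid/op_checked/op_unchecked are assumptions of this model standing in for kern_ipc_perm, the idr, the spinlock and the real semop paths; the memory is kept valid after removal to mirror the RCU grace period.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Single-threaded replay, so a counter is enough to model the spinlock. */
struct model_lock { int held; };

static void model_lock(struct model_lock *l)   { l->held++; }
static void model_unlock(struct model_lock *l) { l->held--; }

/* kern_ipc_perm stand-in (assumption): the lock plus the deleted flag
 * that IPC_RMID sets under that lock. */
struct ipc_perm_model {
    struct model_lock lock;
    int deleted;
    int id;
};

#define TABLE_SIZE 4
struct ipc_ns_model { struct ipc_perm_model *table[TABLE_SIZE]; };

static int g_counter; /* how many times an operation ran on the object */

/* RCU-style lookup: returns the object without taking its lock. */
static struct ipc_perm_model *ipc_obtain_object(struct ipc_ns_model *ns, int id)
{
    if (id < 0 || id >= TABLE_SIZE)
        return NULL;
    return ns->table[id];
}

/* IPC_RMID: unlink and mark deleted under the lock. The memory stays
 * valid for a reader that already holds a pointer (RCU grace period). */
static void ipc_rmid(struct ipc_ns_model *ns, struct ipc_perm_model *p)
{
    model_lock(&p->lock);
    p->deleted = 1;
    ns->table[p->id] = NULL;
    model_unlock(&p->lock);
}

/* Buggy variant: takes the lock and operates, trusting the earlier lookup. */
static int op_unchecked(struct ipc_perm_model *p)
{
    model_lock(&p->lock);
    g_counter++;
    model_unlock(&p->lock);
    return 0;
}

/* Fixed variant: re-check perm.deleted once the lock is held. */
static int op_checked(struct ipc_perm_model *p)
{
    model_lock(&p->lock);
    if (p->deleted) {
        model_unlock(&p->lock);
        return -EIDRM;
    }
    g_counter++;
    model_unlock(&p->lock);
    return 0;
}

/* Deterministic replay of the lookup / RMID / lock interleaving.
 * Returns what the operation returns; race_counter() tells whether the
 * operation touched an object that had already been removed. */
static int race_replay(bool use_check)
{
    struct ipc_perm_model obj = { { 0 }, 0, 1 };
    struct ipc_ns_model ns = { { NULL } };
    struct ipc_perm_model *p;

    ns.table[obj.id] = &obj;
    g_counter = 0;

    p = ipc_obtain_object(&ns, obj.id); /* thread A: lookup, lock not yet held */
    if (!p)
        return -EINVAL;
    ipc_rmid(&ns, &obj);                /* thread B: IPC_RMID wins the race */
    return use_check ? op_checked(p) : op_unchecked(p); /* thread A resumes */
}

static int race_counter(void) { return g_counter; }
```

With use_check false the operation reports success on an object that no longer exists in the namespace; with the re-check the caller gets -EIDRM, which is what userspace expects from semop/msgrcv/shmctl when the object is removed underneath it. The point of placing the test after the lock, not at lookup time, is that only the lock orders it against ipc_rmid setting the flag.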