lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54724B8A.8080607@redhat.com>
Date:	Sun, 23 Nov 2014 16:03:06 -0500
From:	Rik van Riel <riel@...hat.com>
To:	Manfred Spraul <manfred@...orfullife.com>,
	linux-kernel@...r.kernel.org
CC:	Andrew Morton <akpm@...ux-foundation.org>,
	Davidlohr Bueso <davidlohr@...com>,
	Rafael Aquini <aquini@...hat.com>, 1vier1@....de
Subject: Re: [PATCH] ipc,sem block sem_lock on sma->lock during sma initialization

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/23/2014 01:23 PM, Manfred Spraul wrote:
> Hi Rik,
> 
> On 11/21/2014 08:52 PM, Rik van Riel wrote:
>> When manipulating just one semaphore with semop, sem_lock only
>> takes that single semaphore's lock. This creates a problem during
>> initialization of the semaphore array, when the data structures
>> used by sem_lock have not been set up yet. The sma->lock is
>> already held by newary, and we just have to make sure everything
>> else waits on that lock during initialization.
>> 
>> Luckily it is easy to make sem_lock wait on the sma->lock, by
>> pretending there is a complex operation in progress while the sma
>> is being initialized.
> That's not sufficient, as sma->sem_nsems is accessed before
> calling sem_lock(), both within find_alloc_undo() and within
> semtimedop().
> 
> The root problem is that sma->sem_nsems and sma->sem_base are
> accessed without any locks, this conflicts with the approach that
> sma starts to exist as not yet initialized but locked and is
> unlocked after the initialization is completed.
> 
> Attached is an idea. It did pass a few short tests. What do you
> think?

This was my other idea for fixing the issue; unfortunately
I didn't think of it until after I sent the first patch :)

You are right that without that change, we can return the
wrong error codes to userspace.

I will give the patch a try, though I have so far been unable
to reproduce the bug that the customer reported, so I am unlikely
to give much in the way of useful testing results...

Andrew, feel free to give Manfred's patch my

Acked-by: Rik van Riel <riel@...hat.com>

It closes off more things than my patch did, in a similar way
(doing something before ipc_addid)

- -- 
All rights reversed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUckuKAAoJEM553pKExN6DfRoH/jjcBpLwKzrId8aFtuSWYgv3
I7LNzoGozb6Lvn1D1lt/sREdl74KIQptaVClQzphIubiAkQPJVgzqe43f01mqaPu
mSjGKarjfKXwUNfa+Q3pW7b2hnbdfTfyQDsTr6JhSpy0ynsmmNb1J2S7E2E2B40r
KbOETKeKRTq4vYCk4Em5S4OJg31AoXNoXMVwciOB0M/QDFCSB+4JdKrRsiz6Hm1o
+JlRtgwUY6m047Ur65MKeN1bkx1cgqK8tzayMpXW+PTI9cVs6153tlWXmQoXP+Co
lHrODmKkhOhJfOr3q0YvrwnaZOVKliKLVV0YkQ+6pi4SAqSjH7pV0jWr/FsaLIA=
=u6vO
-----END PGP SIGNATURE-----
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ