lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 29 Dec 2014 02:18:40 +0000
From:	Al Viro <viro@...IV.linux.org.uk>
To:	"Ma, Xindong" <xindong.ma@...el.com>
Cc:	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"oleg@...hat.com" <oleg@...hat.com>,
	"mhocko@...e.cz" <mhocko@...e.cz>,
	"mingo@...nel.org" <mingo@...nel.org>,
	"peterz@...radead.org" <peterz@...radead.org>,
	"riel@...hat.com" <riel@...hat.com>,
	"ionut.m.alexa@...il.com" <ionut.m.alexa@...il.com>,
	"peter@...leysoftware.com" <peter@...leysoftware.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"Zhang, Di" <di.zhang@...el.com>,
	"Sun, Zhonghua" <zhonghua.sun@...el.com>
Subject: Re: [PATCH] move exit_task_work() before exit_fs().

On Mon, Dec 29, 2014 at 01:33:37AM +0000, Ma, Xindong wrote:
> > On Fri, Dec 26, 2014 at 03:45:25PM +0800, Leon Ma wrote:
> > > We encountered following panic. The scenario is the process is exiting
> > > and executing its task work. When closing dev node, the driver
> > > triggers a firmware reload according to device status. Because task->fs is
> > set to NULL in exit_fs(), panic happens.
> > > Task work is a common interface, we should not limite the resource the
> > user will utilize.
> > 
> > Fix your driver.  Forget ->fs being NULL; what will happen if your process is
> > chrooted?
> Thanks, But I'm not clear what is the limitation added to chroot env?

???

How about "the pathname of firmware apparently will be looked up inside the
chroot"?  Look, this is completely broken - you *can't* assume anything about
the fs context in which ->release() will be run, period.  It's not guaranteed
to have anything in common with the environment in which the file had been
opened, BTW - there might literally be not a single filesystem in common for
both.

This "reload firmware in ->release()" is absolutely braindead.  The fact that
it as much as dereferences current->fs demonstrates that it's broken.  Don't
do that.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists