lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 15 Oct 2015 14:41:46 +0200
From:	Lukasz Pawelczyk <l.pawelczyk@...sung.com>
To:	Hillf Danton <hillf.zj@...baba-inc.com>
Cc:	Andy Lutomirski <luto@...capital.net>,
	Kees Cook <keescook@...omium.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH v4 09/11] smack: namespace groundwork

On czw, 2015-10-15 at 15:38 +0800, Hillf Danton wrote:
> > 
> > +static inline void smack_userns_free(struct user_namespace *ns)
> > +{
> > +	struct smack_ns *snsp = ns->security;
> > +	struct smack_known *skp;
> > +	struct smack_known_ns *sknp, *n;
> > +
> > +	list_for_each_entry_safe(sknp, n, &snsp->smk_mapped,
> > smk_list_ns) {
> > +		skp = sknp->smk_unmapped;
> > +
> > +		mutex_lock(&skp->smk_mapped_lock);
> > +		list_del_rcu(&sknp->smk_list_known);
> > +		if (sknp->smk_allocated)
> > +			kfree(sknp->smk_mapped);
> > +		kfree(sknp);
> 
> sknp is released,
> > +		mutex_unlock(&skp->smk_mapped_lock);
> > +
> > +		list_del(&sknp->smk_list_ns);
> 
> but it is used again! typo?

No, not a typo. A regular bug. Thanks for spotting it. Also sync
mechanism before freeing was missing:

	skp = sknp->smk_unmapped;

	mutex_lock(&skp->smk_mapped_lock);
	list_del_rcu(&sknp->smk_list_known);
	mutex_unlock(&skp->smk_mapped_lock);

	list_del(&sknp->smk_list_ns);

	call_rcu(&sknp->smk_rcu, smk_free_known_ns);


-- 
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics




--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ