Message-ID: <20151027070351.GB25728@pengutronix.de>
Date:	Tue, 27 Oct 2015 08:03:51 +0100
From:	Markus Pargmann <mpa@...gutronix.de>
To:	Christoph Hellwig <hch@...radead.org>
Cc:	Oleg Nesterov <oleg@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Tejun Heo <tj@...nel.org>, nbd-general@...ts.sourceforge.net,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] kthread: introduce kthread_get_run() to fix
 __nbd_ioctl()

Hi,

On Mon, Oct 26, 2015 at 05:26:42PM -0700, Christoph Hellwig wrote:
> On Sun, Oct 25, 2015 at 03:27:13PM +0100, Oleg Nesterov wrote:
> > It is not safe to use the task_struct returned by kthread_run(threadfn)
> > if threadfn() can exit before the "owner" does kthread_stop(), nothing
> > protects this task_struct.
> > 
> > So __nbd_ioctl() looks buggy; a killed nbd_thread_send() can exit, free
> > its task_struct, and then kthread_stop() can use the freed/reused memory.
> > 
> > Add the new trivial helper, kthread_get_run(). Hopefully it will have more
> > users, this patch changes __nbd_ioctl() as an example.
> 
> This looks horrible.  I think the real problem is that nbd is totally
> abusing signals for kthreads and that needs to go away.

To avoid this kthread_get_run() we can change the NBD code as well to
guarantee that the thread does not exit until kthread_stop() was called.
I think that is independent of using signals.

Currently NBD uses signals for the timeout handling to get the threads
out of the TCP operations. Do you have an idea how to solve this
differently?

Best Regards,

Markus

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
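
The lifetime problem and the two fixes discussed in this thread (the owner holding its own reference, as kthread_get_run() proposes, or the thread not exiting until kthread_stop() has been called), as an added userspace model that is not part of the message and is not kernel code. struct task, task_put(), task_try_exit(), task_stop() and scenario() are hypothetical names; the object is marked dead instead of being freed so the bad ordering can be reported safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; struct task stands in for the kernel's task_struct. */
struct task {
    int  usage;        /* reference count on the object */
    bool live;         /* false once the last reference is dropped */
    bool should_stop;  /* set by the owner when it wants the thread to stop */
    bool exited;       /* thread function has returned */
};

static void task_put(struct task *t)
{
    if (--t->usage == 0)
        t->live = false;  /* in the kernel the memory is now freed or reused */
}

/* Thread wants to return (e.g. killed by a signal); with wait_for_stop it stays until asked. */
static void task_try_exit(struct task *t, bool wait_for_stop)
{
    if (t->exited || (wait_for_stop && !t->should_stop))
        return;
    t->exited = true;
    task_put(t);  /* drop the thread's own reference */
}

/* Owner stops the thread: 0 on success, -1 if the object is already dead. */
static int task_stop(struct task *t, bool owner_ref)
{
    if (!t->live)
        return -1;  /* the real code would touch freed memory here */
    t->should_stop = true;
    task_try_exit(t, true);
    if (owner_ref)
        task_put(t);  /* owner drops the reference it took at creation */
    return 0;
}

/* Thread tries to exit early, then the owner stops it; owner_ref = reference taken before it ran. */
static int scenario(bool owner_ref, bool wait_for_stop)
{
    struct task t = { .usage = owner_ref ? 2 : 1, .live = true };
    task_try_exit(&t, wait_for_stop);
    return task_stop(&t, owner_ref);
}

int main(void)
{
    printf("%d %d %d\n", scenario(false, false), scenario(true, false), scenario(false, true));
}
```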
