| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHz2CGXMaENy=CoO48ax6-UFiFdyfbRugBtBnwM9+7rFoaFykw@mail.gmail.com> Date: Wed, 13 Apr 2016 11:19:28 +0800 From: Jianyu Zhan <nasa4836@...il.com> To: mingo@...hat.com, "H. Peter Anvin" <hpa@...or.com>, suresh.b.siddha@...el.com Cc: x86@...nel.org, LKML <linux-kernel@...r.kernel.org> Subject: Re: Possible race in copy of fpu->state in copy_process against the exeve'ing parent? On Wed, Apr 13, 2016 at 11:11 AM, Jianyu Zhan <nasa4836@...il.com> wrote: > > So I suspect there is a possible race: > > > Parent: > > sys_execve > do_execve > do_execve_common > search_binary_handler > load_elf_binary > start_thread > start_thread_common > free_thread_xstate(current) > fpu_free > fpu->state = NULL > > > Child: > > sys_clone > do_fork > copy_process > dup_task_struct > prepare_to_copy > unlazy_fpu > __save_init_fpu > fpu_save_init > fpu_xsave(fpu) <---- fpu->sate is NULL, > so cause a > NULL > dereference. > Hmm, I am wrong, it is not Parent vs Child. It is : Parent executes sys_execuve, and then right after that, executes sys_clone. Regards, Jianyu Zhan
Powered by blists - more mailing lists