lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 26 Jan 2017 14:37:54 -0500
From:   Tejun Heo <tj@...nel.org>
To:     Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH 2/2] kernfs: define name and path to "(null)" for NULL
 pointer kernfs nodes

Hello,

On Thu, Jan 26, 2017 at 12:41:48PM +0300, Konstantin Khlebnikov wrote:
> The same LTP testcase triggers NULL deref css->cgroup->kn in the same place.
> 
> Commit a5bca2152036 ("cgroup: factor out cgroup_create() out of
> cgroup_mkdir()") reordered cgroup construction. Now css created and
> set online twice: first in cgroup_create(), second in cgroup_mkdir().
> First happens before creation of kernfs node.

It's isn't set online twice.  It's onlined and then made visible
later.  The problem here is that cgroup_name/path() depend on a kernfs
node being associated with it and there's a gap between onlining and
kernfs_node association.  It's fine in cgroup proper but
cgroup_name/path() are used from other places too, so it is
problematic.

> It seems safer and cleaner to handle NULL pointer right in kernfs than
> spreading this magic across all other code. Now all functions that
> prints kernfs path and name prints "(null)" for NULL pointer.

I'm not against this patch but yeah this doesn't address the root
cause here.  Can you please send the patch to Greg?  Please feel free
to add my Acked-by.

> Also it might be a good idea to reorder cgroup construction to make these
> NULL pointers unreachable: online css only after complete initialization.
> After that NULL checks in kernfs could be surrounded with WARN_ON().

Oh yeah, definitely.  The names should be available before online.
Will look into it.

Thanks.

-- 
tejun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ