lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGXu5jL6DXNArYnLkd4PhgVTMgprZF6pKx2euiCg-f9kFdexTQ@mail.gmail.com>
Date:   Thu, 21 Sep 2017 12:51:40 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Oleg Nesterov <oleg@...hat.com>
Cc:     Chris Salls <chrissalls5@...il.com>,
        Andy Lutomirski <luto@...capital.net>,
        Will Drewry <wad@...omium.org>,
        "security@...nel.org" <security@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Tycho Andersen <tycho@...ker.com>
Subject: Re: [PATCH] seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()

On Thu, Sep 21, 2017 at 3:57 AM, Oleg Nesterov <oleg@...hat.com> wrote:
> On 09/20, Kees Cook wrote:
>>
>> On Wed, Sep 20, 2017 at 5:56 AM, Oleg Nesterov <oleg@...hat.com> wrote:
>> > @@ -908,13 +912,13 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off,
>> >         if (!data)
>> >                 goto out;
>> >
>> > -       get_seccomp_filter(task);
>> > +       refcount_inc(&filter->usage);
>> >         spin_unlock_irq(&task->sighand->siglock);
>> >
>> >         if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog)))
>> >                 ret = -EFAULT;
>> >
>> > -       put_seccomp_filter(task);
>> > +       __put_seccomp_filter(filter);
>> >         return ret;
>>
>> Given how reference counting is done for filters, I'd be happier with
>> leaving the get_seccomp_filter() as-is,
>
> No, please note that filter != tsk->seccomp.filter, get_seccomp_filter()
> won't work.

Ah yes, sorry, you're right.

>> (i.e. don't open-code
>> the refcount_inc()).
>
> agreed, probably another __get_seccomp_filter(filter) makes sense, especially
> if we do other changes like get_nth().
>
> But imo not in this fix.

Regardless, whatever lands will need backport adjustment for
refcount_*/atomic_* in -stable.

Can you resend the two patches; I can send the backport to -stable manually...

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ