lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Nov 2017 19:10:15 +0100 From: Andrew Lunn <andrew@...n.ch> To: Vivien Didelot <vivien.didelot@...oirfairelinux.com> Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, kernel@...oirfairelinux.com, "David S. Miller" <davem@...emloft.net>, Florian Fainelli <f.fainelli@...il.com>, Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org Subject: Re: [PATCH net-next] net: dsa: remove tree refcount On Thu, Nov 09, 2017 at 12:36:52PM -0500, Vivien Didelot wrote: > Setting the refcount to 0 when allocating a tree to match the number of > switch devices it holds may cause an 'increment on 0; use-after-free'. > > Tracking the number of devices in a tree with a kref is not really > appropriate anyway so removes it completely in favor of a basic counter. Hi Vivien How are you protecting this basic counter? switches can come and go at random, modules are loaded and unloaded, probing can happen in parallel, probes can fail with EPROBE_DEFFER causing a switch to unregister itself while others are registering themselves, etc. The point of using a kref is that it is a well known kernel method of safely handling this situation. When the last member of the tree goes away, we safely and atomically remove the tree. It worked well for a few years, until you refactored it. Maybe the correct solution is to revert your change? Andrew
Powered by blists - more mailing lists