lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180919161301.GF17524@uranus.lan>
Date:   Wed, 19 Sep 2018 19:13:01 +0300
From:   Cyrill Gorcunov <gorcunov@...il.com>
To:     Jann Horn <jannh@...gle.com>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org, Michal Hocko <mhocko@...nel.org>,
        Oleg Nesterov <oleg@...hat.com>, avagin@...tuozzo.com,
        kernel list <linux-kernel@...r.kernel.org>
Subject: Re: [linux-next] BUG triggered in ptraceme

On Wed, Sep 19, 2018 at 04:16:50PM +0200, Jann Horn wrote:
...
> >
> > Heh, actually not :) It is due to commit
> >
> > commit 1f8266ff58840d698a1e96d2274189de1bdf7969
> > Author: Jann Horn <jannh@...gle.com>
> > Date:   Thu Sep 13 18:12:09 2018 +0200
> >
> > which introduced might_sleep. Seems it is bad idea to send bug report
> > without having a cup of coffee at the morning :)
> 
> Yeah, I fixed one sleep-in-atomic bug and figured I'd throw a
> might_sleep() in there for good measure... sigh.
> I guess now I have to go through all the callers of
> begin_current_label_crit_section() to see what else looks wrong...
> 

Yes, I fear so. Need to check every caller just to be sure.

> apparmor_ptrace_traceme() is wrong, as reported...
> 
> apparmor_path_link() looks icky, but I'm not sure - from what I can
> tell, it's called with an i_rwsem held for writing, and that probably
> makes calling back into filesystem context from there a bad idea?
> OTOH, it's just the i_rwsem of a newly-created path, so I don't know
> whether that's actually an issue...
> 
> security_path_rename() is called with two i_rwsem's held, but again,
> I'm not sure whether that's a problem.

Lets wait for fs people opinions.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ