| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Oct 2018 08:21:26 -0700
From: Evan Green <evgreen@...omium.org>
To: dgilbert@...erlog.com
Cc: jejb@...ux.vnet.ibm.com, martin.petersen@...cle.com,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
ndesaulniers@...gle.com, hch@...radead.org, rglasser@...gle.com,
stable@...r.kernel.org
Subject: Re: [PATCH RESEND] scsi: sg: Prevent potential double frees in sg driver
On Mon, Oct 1, 2018 at 4:34 PM Douglas Gilbert <dgilbert@...erlog.com> wrote:
>
> On 2018-10-02 02:15 AM, Evan Green wrote:
> > From: Robb Glasser <rglasser@...gle.com>
> >
> > sg_ioctl could be spammed by requests, leading to a double free in
> > __free_pages. This protects the entry points of sg_ioctl where the
> > memory could be corrupted by a double call to __free_pages if multiple
> > requests are happening concurrently.
>
> Hi,
> I don't like this patch. I would like to see the trace for the double
> call to the __free_pages you are referring too. A test program that
> show the fault, perhaps?
>
> I have test code to "spam" the sg driver and have not seen a double
> __free_pages that you refer to (see sg3_utils package version 1.44,
> testing/sg_tst_async.cpp).
>
> Currently I am dusting off 20 years of "laparoscopic" patches to the sg
> driver that have made a bit of a mess of the naming and comments. Also
> the 16 outstanding requests per file descriptor limit is being removed.
> Then I want to add the SG_IOSUBMIT and SG_IORECEIVE ioctls proposed by
> Linus Torvalds two week ago.
>
> Executive summary: nak, without further information
That makes sense. Thanks for taking a look.
Powered by blists - more mailing lists