| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <yq1a7ls1ujo.fsf@oracle.com>
Date: Wed, 28 Nov 2018 21:34:03 -0500
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: kys@...uxonhyperv.com
Cc: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
devel@...uxdriverproject.org, ohering@...e.com,
James.Bottomley@...senPartnership.com, hch@...radead.org,
linux-scsi@...r.kernel.org, apw@...onical.com, vkuznets@...hat.com,
jasowang@...hat.com, martin.petersen@...cle.com, hare@...e.de,
kys@...rosoft.com, Dexuan Cui <decui@...rosoft.com>,
stable@...r.kernel.org, Long Li <longli@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>
Subject: Re: [PATCH] scsi: storvsc: Fix a race in sub-channel creation that can cause panic
KY,
> From: Dexuan Cui <decui@...rosoft.com>
>
> We can concurrently try to open the same sub-channel from 2 paths:
>
> path #1: vmbus_onoffer() -> vmbus_process_offer() -> handle_sc_creation().
> path #2: storvsc_probe() -> storvsc_connect_to_vsp() ->
> -> storvsc_channel_init() -> handle_multichannel_storage() ->
> -> vmbus_are_subchannels_present() -> handle_sc_creation().
>
> They conflict with each other, but it was not an issue before the recent
> commit ae6935ed7d42 ("vmbus: split ring buffer allocation from open"),
> because at the beginning of vmbus_open() we checked newchannel->state so
> only one path could succeed, and the other would return with -EINVAL.
Applied to 4.20/scsi-fixes. Thank you!
--
Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists