lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 4 Jan 2019 10:26:20 +0800
From:   Jia-Ju Bai <baijiaju1990@...il.com>
To:     Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        dhowells@...hat.com, joel@....id.au, eajames@...ux.vnet.ibm.com,
        andrew@...id.au
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fsi:fsi-sbefifo: Fix possible concurrency use-after-free
 bugs in sbefifo_user_release



On 2019/1/4 8:47, Benjamin Herrenschmidt wrote:
> On Wed, 2018-12-26 at 21:56 +0800, Jia-Ju Bai wrote:
>> In drivers/fsi/fsi-sbefifo.c, the functions sbefifo_user_release(),
>> sbefifo_user_read() and sbefifo_user_write() may be concurrently executed.
> So after refreshing my mind, looking at the code and talking with Al, I
> really dont' see what race you are trying to fix here.
>
> read/write should never be concurrent with release for a given file and
> the stuff we are protecting here is local to the file instance.
>
> Do you have an actual problem you observed ?
>

Thanks for the reply.

In fact, this report is found by a static tool written by myself, 
instead of real execution.
My tool found that in some drivers, for the structure "struct 
file_operations", the code in intetrfaces ".read" , "write" and 
".release" are protected by the same lock.
The functions kcs_bmc_read(), kcs_bmc_write() and kcs_bmc_release() are 
examples.
Thus, my tool inferred that the intetrfaces ".read" , "write" and 
".release" of "struct file_operations" can be concurrently executed, and 
generated this report.
I manually checked this report, but I was not very sure of it, so I 
marked it as a "possible bug" and reported it.

 From your message, now I know my report is false, and ".read" , "write" 
cannot be concurrently executed with ".release" for a given file.
Sorry for my false report, and thanks for your message.


Best wishes,
Jia-Ju Bai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ