| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGngYiUsq55EUKa0rYCeQ62VanhwNUxs-pfkJxUwqd4HO3m-Lg@mail.gmail.com>
Date: Tue, 5 Feb 2019 10:22:50 -0500
From: Sven Van Asbroeck <thesven73@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: Tejun Heo <tj@...nel.org>, Lai Jiangshan <jiangshanlai@...il.com>,
LKML <linux-kernel@...r.kernel.org>,
Sebastian Reichel <sre@...nel.org>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [RFC v1 0/3] Address potential user-after-free on module unload
On Tue, Feb 5, 2019 at 9:57 AM Kees Cook <keescook@...omium.org> wrote:
>
>
> Can a Coccinelle script get written to find module-use of the non-devm
> work init?
My thoughts exactly ! But sadly I'm not a Coccinelle expert. I did
look briefly at
its syntax, but I didn't immediately "get" how Cocci could find this class of
errors, without a huge false positive rate (which would make it worse than
useless).
>
> It seems like finding these in __init functions should be relatively
> easy? (Or can we add runtime detection in the existing INIT_*WORK()
> code to see if it is running from the wrong place?)
>
IMHO the problem isn't that they're called from __init functions.
Also, nothing is
wrong with the location of INIT_*WORK per se.
The real problem is that developers overlook calling cancel_work_sync()
on unload. I'm not sure how we could bolt on runtime detection to catch
a *missing* function. Again, without causing tons of false positives.
Powered by blists - more mailing lists