lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 11 Jun 2019 12:25:03 -0400
From:   Sasha Levin <sashal@...nel.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Sahara <keun-o.park@...kmatter.ae>
Subject: Re: [PATCH AUTOSEL 4.4 50/56] tty: pty: Fix race condition between
 release_one_tty and pty_write

On Sat, Jun 01, 2019 at 09:18:36AM -0700, Greg Kroah-Hartman wrote:
>On Sat, Jun 01, 2019 at 09:17:07AM -0700, Greg Kroah-Hartman wrote:
>> On Sat, Jun 01, 2019 at 09:25:54AM -0400, Sasha Levin wrote:
>> > From: Sahara <keun-o.park@...kmatter.ae>
>> >
>> > [ Upstream commit b9ca5f8560af244489b4a1bc1ae88b341f24bc95 ]
>> >
>> > Especially when a linked tty is used such as pty, the linked tty
>> > port's buf works have not been cancelled while master tty port's
>> > buf work has been cancelled. Since release_one_tty and flush_to_ldisc
>> > run in workqueue threads separately, when pty_cleanup happens and
>> > link tty port is freed, flush_to_ldisc tries to access freed port
>> > and port->itty, eventually it causes a panic.
>> > This patch utilizes the magic value with holding the tty_mutex to
>> > check if the tty->link is valid.
>> >
>> > Fixes: 2b022ab7542d ("pty: cancel pty slave port buf's work in tty_release")
>> > Signed-off-by: Sahara <keun-o.park@...kmatter.ae>
>> > Cc: stable <stable@...r.kernel.org>
>> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> > Signed-off-by: Sasha Levin <sashal@...nel.org>
>> > ---
>> >  drivers/tty/pty.c    | 7 +++++++
>> >  drivers/tty/tty_io.c | 3 +++
>> >  2 files changed, 10 insertions(+)
>>
>> For some reason I did not apply this to the stable kernels, and this
>> shouldn't only be for 4.4.y, so please drop this.
>
>Ah, I never applied it because it was later reverted, also upstream,
>0eae4686a128 ("Revert "tty: pty: Fix race condition between
>release_one_tty and pty_write""), so I didn't apply both of them to the
>stable trees as that wouldn't have made sense.

I've dropped it.

--
Thanks,
Sasha

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ