lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190626005505.GD21530@kroah.com>
Date:   Wed, 26 Jun 2019 08:55:05 +0800
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Benjamin Herrenschmidt <benh@...nel.crashing.org>
Cc:     Muchun Song <smuchun@...il.com>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Prateek Sood <prsood@...eaurora.org>,
        Mukesh Ojha <mojha@...eaurora.org>, gkohli@...eaurora.org,
        linux-kernel <linux-kernel@...r.kernel.org>,
        linux-arm-msm <linux-arm-msm@...r.kernel.org>,
        zhaowuyun@...gtech.com
Subject: Re: [PATCH v4] driver core: Fix use-after-free and double free on
 glue directory

On Wed, Jun 26, 2019 at 08:56:00AM +1000, Benjamin Herrenschmidt wrote:
> On Tue, 2019-06-25 at 23:06 +0800, Muchun Song wrote:
> > Benjamin Herrenschmidt <benh@...nel.crashing.org> 于2019年6月19日周三
> > 上午5:51写道:
> > > 
> > > On Tue, 2019-06-18 at 18:13 +0200, Greg KH wrote:
> > > > 
> > > > Again, I am totally confused and do not see a patch in an email
> > > > that
> > > > I
> > > > can apply...
> > > > 
> > > > Someone needs to get people to agree here...
> > > 
> > > I think he was hoping you would chose which solution you prefered
> > > here
> > 
> > Yeah, right, I am hoping you would chose which solution you prefered
> > here.
> > Thanks.
> > 
> > > :-) His original or the one I suggested instead. I don't think
> > > there's
> > > anybody else with understanding of sysfs guts around to form an
> > > opinion.
> > > 
> 
> Muchun, I don't think Greg still has the previous emails. He deals with
> too much to keep track of old stuff.
> 
> Can you send both patches tagged as [OPT1] and [OPT2] along with a
> comment in one go so Greg can see both and decide ?

That would be wonderful, thank you as I can't really find the "latest"
versions of both options.

> I think looking at the refcount is fragile, I might be wrong, but I
> think it mostly paper over the root of the problem which is the fact
> that the lock isn't taken accross both operations, thus exposing the
> race. But I'm happy if Greg prefers your approach as long as it's
> fixed.

I'll look at them and try to figure this out next week, thanks.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ