lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <01ca95431a642133293534502975765dba993ada.camel@kernel.crashing.org>
Date:   Thu, 04 Jul 2019 08:57:53 +1000
From:   Benjamin Herrenschmidt <benh@...nel.crashing.org>
To:     Greg KH <gregkh@...uxfoundation.org>,
        Muchun Song <smuchun@...il.com>
Cc:     rafael@...nel.org, prsood@...eaurora.org, mojha@...eaurora.org,
        gkohli@...eaurora.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 OPT1] driver core: Fix use-after-free and double free
 on glue directory

On Wed, 2019-07-03 at 21:37 +0200, Greg KH wrote:
> Ok, I guess I have to take this patch, as the other one is so bad :)
> 
> But, I need a very large comment here saying why we are poking around in
> a kref and why we need to do this, at the expense of anything else.
> 
> So can you respin this patch with a comment here to help explain it so
> we have a chance to understand it when we run across this line in 10
> years?

Also are we confident that an open dir on the glue dir from userspace
won't keep the kref up ?

Cheers,
Ben.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ