lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <01fea5b8eda7f5ed985bf06905ca95bbe6414539.camel@kernel.crashing.org>
Date:   Thu, 04 Jul 2019 16:29:55 +1000
From:   Benjamin Herrenschmidt <benh@...nel.crashing.org>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Muchun Song <smuchun@...il.com>, rafael@...nel.org,
        prsood@...eaurora.org, mojha@...eaurora.org, gkohli@...eaurora.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 OPT1] driver core: Fix use-after-free and double free
 on glue directory

On Thu, 2019-07-04 at 07:41 +0200, Greg KH wrote:
> On Thu, Jul 04, 2019 at 08:57:53AM +1000, Benjamin Herrenschmidt
> wrote:
> > On Wed, 2019-07-03 at 21:37 +0200, Greg KH wrote:
> > > Ok, I guess I have to take this patch, as the other one is so bad
> > > :)
> > > 
> > > But, I need a very large comment here saying why we are poking
> > > around in
> > > a kref and why we need to do this, at the expense of anything
> > > else.
> > > 
> > > So can you respin this patch with a comment here to help explain
> > > it so
> > > we have a chance to understand it when we run across this line in
> > > 10
> > > years?
> > 
> > Also are we confident that an open dir on the glue dir from
> > userspace
> > won't keep the kref up ?
> 
> How do you "open" a directory which raises the kref?

Hrm.. kernfs foo .. not sure. You probably can't :-) I don't know.

Cheers,
Ben.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ