| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190829050237.GA5161@jagdpanzerIV>
Date: Thu, 29 Aug 2019 14:02:37 +0900
From: Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
To: Steve French <stfrench@...rosoft.com>,
Ronnie Sahlberg <lsahlber@...hat.com>
Cc: linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: build_path_from_dentry_optional_prefix() may schedule from invalid
context
Hello,
Looking at commit "cifs: create a helper to find a writeable handle
by path name":
->open_file_lock scope is atomic context, while build_path_from_dentry()
can schedule - kmalloc(GFP_KERNEL)
spin_lock(&tcon->open_file_lock);
list_for_each(tmp, &tcon->openFileList) {
cfile = list_entry(tmp, struct cifsFileInfo,
tlist);
full_path = build_path_from_dentry(cfile->dentry);
if (full_path == NULL) {
spin_unlock(&tcon->open_file_lock);
return -ENOMEM;
}
if (strcmp(full_path, name)) {
kfree(full_path);
continue;
}
kfree(full_path);
cinode = CIFS_I(d_inode(cfile->dentry));
spin_unlock(&tcon->open_file_lock);
return cifs_get_writable_file(cinode, 0, ret_file);
}
spin_unlock(&tcon->open_file_lock);
Additionally, kfree() can (and should) be done outside of
->open_file_lock scope.
-ss
Powered by blists - more mailing lists