| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4384.1567174383@warthog.procyon.org.uk>
Date: Fri, 30 Aug 2019 15:13:03 +0100
From: David Howells <dhowells@...hat.com>
To: Hillf Danton <hdanton@...a.com>
Cc: dhowells@...hat.com, Sachin Sant <sachinp@...ux.vnet.ibm.com>,
linuxppc-dev@...abs.org, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: Oops (request_key_auth_describe) while running cve-2016-7042 from LTP
Hillf Danton <hdanton@...a.com> wrote:
> - struct request_key_auth *rka = dereference_key_rcu(key);
> + struct request_key_auth *rka;
> +
> + rcu_read_lock();
> + rka = dereference_key_rcu(key);
This shouldn't help as the caller, proc_keys_show(), is holding the RCU read
lock across the call. The end of the function reads:
if (key->type->describe)
key->type->describe(key, m);
seq_putc(m, '\n');
rcu_read_unlock();
return 0;
}
and the documentation says "This method will be called with the RCU read lock
held".
I suspect the actual bugfix is this bit:
> + if (!rka)
> + goto out;
David
Powered by blists - more mailing lists