lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 19 Mar 2020 22:10:49 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Jiri Slaby <jslaby@...e.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org,
        syzkaller-bugs@...glegroups.com,
        Eric Dumazet <edumazet@...gle.com>,
        Nicolas Pitre <nico@...xnic.net>
Subject: Re: [PATCH v2 1/2] vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use
 virtual console

On Thu, Mar 19, 2020 at 08:36:28AM +0100, Jiri Slaby wrote:
> On 18. 03. 20, 23:38, Eric Biggers wrote:
> > --- a/drivers/tty/vt/vt.c
> > +++ b/drivers/tty/vt/vt.c
> > @@ -1102,6 +1102,9 @@ int vc_allocate(unsigned int currcons)	/* return 0 on success */
> >  	tty_port_init(&vc->port);
> >  	INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
> >  
> > +	/* if this wasn't the case, we'd have to implement port->ops.destruct */
> > +	BUILD_BUG_ON(offsetof(struct vc_data, port) != 0);
> > +
> 
> This is 3 lines, implementing destruct would be like 4-5 :)? Please
> implement destruct instead.
> 
> Otherwise looks good.
> 

Actually implementing destruct would be 12 lines, see below.  Remember there is
no tty_port_operations defined yet so we'd have to define it just for destruct.

Do you still prefer it?

diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index ec34f1f5f3bb5..309a39197be0a 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -1075,6 +1075,17 @@ static void visual_deinit(struct vc_data *vc)
 	module_put(vc->vc_sw->owner);
 }
 
+static void vc_port_destruct(struct tty_port *port)
+{
+	struct vc_data *vc = container_of(port, struct vc_data, port);
+
+	kfree(vc);
+}
+
+static const struct tty_port_operations vc_port_ops = {
+	.destruct = vc_port_destruct,
+};
+
 int vc_allocate(unsigned int currcons)	/* return 0 on success */
 {
 	struct vt_notifier_param param;
@@ -1100,11 +1111,9 @@ int vc_allocate(unsigned int currcons)	/* return 0 on success */
 
 	vc_cons[currcons].d = vc;
 	tty_port_init(&vc->port);
+	vc->port.ops = &vc_port_ops;
 	INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
 
-	/* if this wasn't the case, we'd have to implement port->ops.destruct */
-	BUILD_BUG_ON(offsetof(struct vc_data, port) != 0);
-
 	visual_init(vc, currcons, 1);
 
 	if (!*vc->vc_uni_pagedir_loc)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ