| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <52f2d9b2-e66a-f2aa-52fb-d0a3ca748a73@huawei.com>
Date: Mon, 23 Mar 2020 15:04:01 +0800
From: Yuehaibing <yuehaibing@...wei.com>
To: Herbert Xu <herbert@...dor.apana.org.au>
CC: <steffen.klassert@...unet.com>, <davem@...emloft.net>,
<kuba@...nel.org>, <timo.teras@....fi>, <netdev@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] xfrm: policy: Fix doulbe free in xfrm_policy_timer
On 2020/3/23 14:29, Herbert Xu wrote:
> On Mon, Mar 23, 2020 at 09:41:55AM +0800, YueHaibing wrote:
>>
>> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
>> index dbda08ec566e..ae0689174bbf 100644
>> --- a/net/xfrm/xfrm_policy.c
>> +++ b/net/xfrm/xfrm_policy.c
>> @@ -434,6 +434,7 @@ EXPORT_SYMBOL(xfrm_policy_destroy);
>>
>> static void xfrm_policy_kill(struct xfrm_policy *policy)
>> {
>> + write_lock_bh(&policy->lock);
>> policy->walk.dead = 1;
>>
>> atomic_inc(&policy->genid);
>> @@ -445,6 +446,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
>> if (del_timer(&policy->timer))
>> xfrm_pol_put(policy);
>>
>> + write_unlock_bh(&policy->lock);
>
> Why did you expand the critical section? Can't you just undo the
> patch in xfrm_policy_kill?
Indeed, the critical section should not be expanded, thanks!
>
> Cheers,
>
Powered by blists - more mailing lists