lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 30 May 2020 09:41:11 -0700
From:   James Bottomley <jejb@...ux.ibm.com>
To:     Bart Van Assche <bvanassche@....org>,
        Simon Arlott <simon@...iron.net>,
        "Martin K . Petersen" <martin.petersen@...cle.com>,
        Jens Axboe <axboe@...nel.dk>
Cc:     linux-scsi@...r.kernel.org, Merlijn Wajer <merlijn@...hive.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy

On Sat, 2020-05-30 at 09:24 -0700, Bart Van Assche wrote:
> On 2020-05-30 02:32, Simon Arlott wrote:
> > If the device minor cannot be allocated or the cdrom fails to be
> > registered then the mutex should be destroyed.
> 
> Please add Fixes: and Cc: stable tags.

This isn't really a bug, is it?  mutex_destroy is a nop unless lock
debugging is enabled in which case it checks the lock is unlocked and
marks it as unusable to detect a use after destroy.  Since the
structure containing the mutex is kfree'd in the next statement, kasan
would also detect any use after free.  That's not to say we shouldn't
do this to be fully correct ... just that it has no potential ever to
have user visible impact so there doesn't seem to be much point
cluttering up the stable process with it.

James



Powered by blists - more mailing lists