| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Aug 2020 22:29:55 -0400
From: Cameron <cameron@...dycamel.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Masami Hiramatsu <mhiramat@...nel.org>,
linux-kernel@...r.kernel.org, Eddy_Wu@...ndmicro.com,
x86@...nel.org, davem@...emloft.net, rostedt@...dmis.org,
naveen.n.rao@...ux.ibm.com, anil.s.keshavamurthy@...el.com,
linux-arch@...r.kernel.org, oleg@...hat.com, will@...nel.org,
paulmck@...nel.org
Subject: Re: [RFC][PATCH 7/7] kprobes: Replace rp->free_instance with freelist
On Fri, Aug 28, 2020 at 5:18 AM <peterz@...radead.org> wrote:
> So the freelist->refs thing is supposed to pin freelist->next for
> concurrent usage, but if we instantly stick it on the
> current->kretprobe_instances llist while it's still elevated, we'll
> overwrite ->next, which would be bad.
I thought about this some more, and actually, it should be safe.
The next is not supposed to be changed while the node has non-zero
ref-count, true, but this is only important while the node is in the freelist.
If it's never added back to the freelist, then there is no problem (the
overwritten next may be read but never used).
But even if it is later re-added to the freelist, as long as the refcount is
still above zero, the node won't actually be in the list right away, and
again its next won't matter. When the refcount finally goes down to zero,
it will be put on the list but its next will be blindly overwritten at
that point.
Cameron
Powered by blists - more mailing lists