lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 17 Feb 2021 16:32:21 +0000
From:   Chris Down <chris@...isdown.name>
To:     Petr Mladek <pmladek@...e.com>
Cc:     linux-kernel@...r.kernel.org,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        John Ogness <john.ogness@...utronix.de>,
        Johannes Weiner <hannes@...xchg.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kees Cook <keescook@...omium.org>, kernel-team@...com
Subject: Re: code style: Re: [PATCH v4] printk: Userspace format enumeration
 support

Chris Down writes:
>open(f);
>  debugfs_file_get(f);
>  fops->open();
>    inode->private = ps;
>  debugfs_file_put(f);
>
>remove_printk_fmt_sec(); /* kfree ps */
>
>read(f);
>  debugfs_file_get(f);
>  fops->read();
>    ps = inode->private;  /* invalid */
>  debugfs_file_put(f);

Er, sorry, inode->private is populated at creation time, not at open(). The 
same general concern applies though -- as far as I can tell there's some period 
where we may be able to _read() and `ps` has already been freed.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ