Message-ID: <20210318165907.GA10448@pc638.lan>
Date:   Thu, 18 Mar 2021 17:59:07 +0100
From:   Uladzislau Rezki <urezki@...il.com>
To:     vjitta@...eaurora.org
Cc:     akpm@...ux-foundation.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, vinmenon@...eaurora.org
Subject: Re: [PATCH] mm: vmalloc: Prevent use after free in _vm_unmap_aliases

On Thu, Mar 18, 2021 at 03:38:25PM +0530, vjitta@...eaurora.org wrote:
> From: Vijayanand Jitta <vjitta@...eaurora.org>
> 
> A potential use after free can occur in _vm_unmap_aliases
> where an already freed vmap_area could be accessed. Consider
> the following scenario:
> 
> Process 1						Process 2
> 
> __vm_unmap_aliases					__vm_unmap_aliases
> 	purge_fragmented_blocks_allcpus				rcu_read_lock()
> 		rcu_read_lock()
> 			list_del_rcu(&vb->free_list)
> 									list_for_each_entry_rcu(vb .. )
> 	__purge_vmap_area_lazy
> 		kmem_cache_free(va)
> 										va_start = vb->va->va_start
Or maybe we should switch to kfree_rcu() instead of kmem_cache_free()?

--
Vlad Rezki
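
The interleaving from the quoted scenario, as an added example that is not part of the original message or the kernel source: a single-threaded userspace model contrasting an immediate release with one deferred until readers have left their read-side section, which is the property kfree_rcu() provides. All `*_model`, `model_*` and `free_*` names are hypothetical, and a `freed` flag replaces real freeing so the stale access can be observed safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only; field names mirror the quoted scenario. */
struct va_model { unsigned long va_start; bool freed; };
struct vb_model { struct va_model *va; };

static int readers;                /* readers inside the read-side section */
static struct va_model *deferred;  /* object waiting for readers to leave */

static void model_read_lock(void) { readers++; }

static void model_read_unlock(void)
{
    /* Simplification: the grace period ends when the last reader leaves. */
    if (--readers == 0 && deferred) {
        deferred->freed = true;
        deferred = NULL;
    }
}

/* Stands in for kmem_cache_free(va): released at once, readers ignored. */
static void free_now(struct va_model *va) { va->freed = true; }

/* Stands in for a kfree_rcu()-style release: wait for current readers. */
static void free_deferred(struct va_model *va)
{
    if (readers == 0)
        va->freed = true;
    else
        deferred = va;
}

/* Replays the interleaving; returns true if the reader saw a freed va. */
static bool reader_hits_freed_va(bool defer)
{
    struct va_model va = { .va_start = 0x1000, .freed = false };
    struct vb_model vb = { .va = &va };
    bool stale;

    readers = 0;
    deferred = NULL;
    model_read_lock();            /* Process 2: rcu_read_lock() */
    if (defer)                    /* Process 1: vb unlinked, then va released */
        free_deferred(&va);
    else
        free_now(&va);
    stale = vb.va->freed;         /* Process 2: va_start = vb->va->va_start */
    model_read_unlock();
    return stale;
}
```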
