| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 05 May 2021 08:11:56 -0700
From: Davidlohr Bueso <dbueso@...e.de>
To: Varad Gautam <varad.gautam@...e.com>
Cc: linux-kernel@...r.kernel.org,
Matthias von Faber <matthias.vonfaber@...-tech.de>,
Christian Brauner <christian.brauner@...ntu.com>,
Oleg Nesterov <oleg@...hat.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Manfred Spraul <manfred@...orfullife.com>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] ipc/mqueue: Avoid relying on a stack reference past its
expiry
On 2021-05-05 00:49, Varad Gautam wrote:
> The race here really is about the lifetime of __pipelined_op's `this`
> argument only
> being guaranteed for some duration of the call (ie, until someone sets
> ->state = STATE_READY). It is not about when wake_q addition happens,
> as long as it is
> being fed a valid task_struct.
Again, it's all about ensuring that the READY_STATE is set last, the
blocked
task has no business returning in the first place, making both races
(exit and
the one reported here) similar by ending up using bogus memory.
...
> I considered that initially, but given that the race isn't connected
> with wakeup, I
> preferred the current approach which makes this fact explicit by
> showing what's
> valid/invalid during __pipelined_op.
I understand your point, but this is why I updated the ordering
comments. Furthermore
there is no reason to decouple the task's refcount with the wake_q_add
operation, it
just makes the code weird and harder to follow.
Thanks,
Davidlohr
Powered by blists - more mailing lists