lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 20 May 2021 13:29:02 +0200
From:   Andreas Gruenbacher <agruenba@...hat.com>
To:     Hillf Danton <hdanton@...a.com>
Cc:     cluster-devel <cluster-devel@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Bob Peterson <rpeterso@...hat.com>,
        syzkaller-bugs@...glegroups.com,
        syzbot <syzbot+34ba7ddbf3021981a228@...kaller.appspotmail.com>
Subject: Re: [PATCH] gfs2: fix uaf in glock shrinker

On Wed, May 19, 2021 at 8:08 AM Hillf Danton <hdanton@...a.com> wrote:
> The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to
> remove glock from the lru list in __gfs2_glock_put().
>
> On the shrink scan path, the same flag is cleared under lru_lock but because
> of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru() progress on the
> put side can be made without deleting glock from lru.
>
> Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to
> ensure correct behaviors on both sides - clear GLF_LRU after list_del under
> lru_lock. That is the fix to uaf reported by the smart syzbot.

Thanks, I've added this to for-next.

Andreas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ