Message-ID: <202106071617.5713E0A01@keescook>
Date: Mon, 7 Jun 2021 16:17:41 -0700
From: Kees Cook <keescook@...omium.org>
To: Bernd Edlinger <bernd.edlinger@...mail.de>
Cc: Alexander Viro <viro@...iv.linux.org.uk>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] exec: Copy oldsighand->action under spin-lock

On Mon, Jun 07, 2021 at 03:54:27PM +0200, Bernd Edlinger wrote:
> unshare_sighand should only access oldsighand->action
> while holding oldsighand->siglock, to make sure that
> newsighand->action is in a consistent state.
>
> Signed-off-by: Bernd Edlinger <bernd.edlinger@...mail.de>
> ---
> fs/exec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index d8af85f..8344fba 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1193,11 +1193,11 @@ static int unshare_sighand(struct task_struct *me)
> return -ENOMEM;
>
> refcount_set(&newsighand->count, 1);
> - memcpy(newsighand->action, oldsighand->action,
> - sizeof(newsighand->action));
>
> write_lock_irq(&tasklist_lock);
> spin_lock(&oldsighand->siglock);
> + memcpy(newsighand->action, oldsighand->action,
> + sizeof(newsighand->action));
> rcu_assign_pointer(me->sighand, newsighand);
> spin_unlock(&oldsighand->siglock);
> write_unlock_irq(&tasklist_lock);
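
Review bot: The moved memcpy() carries no comment saying that oldsighand->action may only be read with oldsighand->siglock held, so a later cleanup could hoist the copy back out of the critical section, as it was before this change. A one-line comment above the memcpy() would record that. The commit message also does not name the writer that can change oldsighand->action while the copy runs; stating which path that is would make the race easier to verify. Note too that the sizeof(newsighand->action) copy now executes inside write_lock_irq(&tasklist_lock) as well, so the section that runs with interrupts off and the tasklist write lock held gets longer; the changelog should say this was considered and is acceptable.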

Oh, yeah, that's a nice catch.

Reviewed-by: Kees Cook <keescook@...omium.org>

--
Kees Cook