| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Sep 2021 21:39:27 +0800
From: Zhihao Cheng <chengzhihao1@...wei.com>
To: Christoph Hellwig <hch@...radead.org>
CC: <axboe@...nel.dk>, <rostedt@...dmis.org>, <mingo@...hat.com>,
<acme@...hat.com>, <linux-block@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <yukuai3@...wei.com>
Subject: Re: [PATCH] blktrace: Fix uaf in blk_trace access after removing by
sysfs
在 2021/9/22 13:21, Christoph Hellwig 写道:
Hi Christoph,
> On Fri, Sep 10, 2021 at 05:21:20PM +0800, Zhihao Cheng wrote:
>> + else {
>> + /*
>> + * Don't remove blk_trace under running state, in
>> + * case triggering use-after-free in function
>> + * __blk_add_trace().
>> + */
>> + if (bt->trace_state != Blktrace_running)
>> + ret = blk_trace_remove_queue(q);
>> + else
>> + ret = -EBUSY;
>> + }
>> goto out_unlock_bdev;
> So who is going to eventually call blk_trace_free in this case?
Agree. How about removing blk_trace from running_list and stopping it
before calling blk_trace_free()?
>
> Also Having the check in blk_trace_remove_queue would seem a little
> cleaner.
Oh right, will move the check in v2.
Powered by blists - more mailing lists