| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87o87u2lrf.fsf@disp2133>
Date: Tue, 12 Oct 2021 12:31:00 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Rune Kleveland <rune.kleveland@...omedia.dk>
Cc: Yu Zhao <yuzhao@...gle.com>, Alexey Gladkov <legion@...nel.org>,
Jordan Glover <Golden_Miller83@...tonmail.ch>,
LKML <linux-kernel@...r.kernel.org>, linux-mm@...ck.org,
containers@...ts.linux-foundation.org
Subject: Re: linux 5.14.3: free_user_ns causes NULL pointer dereference
Rune Kleveland <rune.kleveland@...omedia.dk> writes:
> Hi!
>
> Just wanted to let you know that I still get these on stock Fedora kernel
> 5.14.10 on the IBM blades. But it took 10 hours before the first server
> crashed. The other 4 still runs fine since 15 hours ago. So for me it seems more
> stable now, but that could just be a coincidence.
Alex and I have been working on this and we are still tracking down
whatever is going on.
While we haven't found the issue yet we have found a trivially correct
change that allows us to reproduce the issue faster.
Hopefully this will allow us to narrow down on whatever it is soon.
diff --git a/kernel/ucount.c b/kernel/ucount.c
index bb51849e6375..3b7e176cf7a2 100644
--- a/kernel/ucount.c
+++ b/kernel/ucount.c
@@ -203,6 +203,7 @@ void put_ucounts(struct ucounts *ucounts)
if (atomic_dec_and_lock_irqsave(&ucounts->count, &ucounts_lock, flags)) {
hlist_del_init(&ucounts->node);
+ ucounts->ns = NULL;
spin_unlock_irqrestore(&ucounts_lock, flags);
kfree(ucounts);
}
Eric
Powered by blists - more mailing lists