| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20211214031310.p6kmbvd73kn6j7x3@treble>
Date: Mon, 13 Dec 2021 19:13:10 -0800
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: David Vernet <void@...ifault.com>
Cc: pmladek@...e.com, linux-doc@...r.kernel.org,
live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
jikos@...nel.org, mbenes@...e.cz, joe.lawrence@...hat.com,
corbet@....net, yhs@...com, songliubraving@...com
Subject: Re: [PATCH] livepatch: Fix leak on klp_init_patch_early failure path
On Mon, Dec 13, 2021 at 02:58:38PM -0800, David Vernet wrote:
> > I don't think the fix will be quite that simple. For example, if
> > klp_init_patch_early() fails, that means try_module_get() hasn't been
> > done, so klp_free_patch_finish() will wrongly do a module_put().
>
> Ugh, good point and thank you for catching that. Another problem with the
> current patch is that we'll call kobject_put() on the patch even if we
> never call kobject_init on the patch due to patch->objs being NULL.
>
> Perhaps we should pull try_module_get() and the NULL check for patch->objs
> out of klp_init_patch_early()? It feels a bit more intuitive to me if
> klp_init_patch_early() were only be responsible for initializing kobjects
> for the patch and its objects / funcs anyways.
>
> Testing it locally seems to work fine. Let me know if this sounds
> reasonable to you, and I'll send out a v2 patch with the fixes to both the
> patch description, and logic.
Sounds reasonable to me. Thanks.
--
Josh
Powered by blists - more mailing lists