lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 12 Jan 2022 18:16:17 +0000
From:   Matthew Wilcox <willy@...radead.org>
To:     Suren Baghdasaryan <surenb@...gle.com>
Cc:     Johannes Weiner <hannes@...xchg.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Eric Biggers <ebiggers@...nel.org>, Tejun Heo <tj@...nel.org>,
        Zefan Li <lizefan.x@...edance.com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Juri Lelli <juri.lelli@...hat.com>,
        Vincent Guittot <vincent.guittot@...aro.org>,
        Dietmar Eggemann <dietmar.eggemann@....com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Benjamin Segall <bsegall@...gle.com>,
        Mel Gorman <mgorman@...e.de>,
        Daniel Bristot de Oliveira <bristot@...hat.com>,
        Jonathan Corbet <corbet@....net>,
        "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        cgroups mailinglist <cgroups@...r.kernel.org>,
        stable <stable@...r.kernel.org>,
        kernel-team <kernel-team@...roid.com>,
        syzbot <syzbot+cdb5dd11c97cc532efad@...kaller.appspotmail.com>
Subject: Re: [PATCH v3 1/1] psi: Fix uaf issue when psi trigger is destroyed
 while being polled

On Wed, Jan 12, 2022 at 09:49:00AM -0800, Suren Baghdasaryan wrote:
> > This happens with the following config:
> >
> > CONFIG_CGROUPS=n
> > CONFIG_PSI=y
> >
> > With cgroups disabled these functions are defined as non-static but
> > are not defined in the header
> > (https://elixir.bootlin.com/linux/latest/source/include/linux/psi.h#L28)
> > since the only external user cgroup.c is disabled. The cleanest way to
> > fix these I think is by doing smth like this in psi.c:

A cleaner way to solve these is simply:

#ifndef CONFIG_CGROUPS
static struct psi_trigger *psi_trigger_create(...);
...
#endif

I tested this works:

$ cat foo5.c
static int psi(void *);

int psi(void *x)
{
	return (int)(long)x;
}

int bar(void *x)
{
	return psi(x);
}
$ gcc -W -Wall -O2 -c -o foo5.o foo5.c
$ readelf -s foo5.o

Symbol table '.symtab' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS foo5.c
     2: 0000000000000000     0 SECTION LOCAL  DEFAULT    1 .text
     3: 0000000000000000     3 FUNC    GLOBAL DEFAULT    1 bar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ