Message-ID: <CAHmME9rgBJx+-wy-_GXPRMYEuTNyaa7SAr+nVOPh-Am2k6A2CA@mail.gmail.com>
Date:   Tue, 15 Feb 2022 12:44:09 +0100
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Paul Menzel <pmenzel@...gen.mpg.de>
Cc:     "Theodore Y. Ts'o" <tytso@....edu>,
        LKML <linux-kernel@...r.kernel.org>,
        Dominik Brodowski <linux@...inikbrodowski.net>,
        Jann Horn <jannh@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Marco Elver <elver@...gle.com>,
        Nicolas Pitre <nico@...xnic.net>,
        Rik van Riel <riel@...hat.com>,
        Oleg Nesterov <oleg@...hat.com>
Subject: Re: BUG: KCSAN: data-race in add_device_randomness+0x20d/0x290
Hi Paul,

Thanks for the new report. This looks like it's likely the same sort of
issue as before -- it's on a 1 byte read of the data that's being
passed to add_device_randomness by release_task(). It looks like there
might be a race in release_task():

void release_task(struct task_struct *p)
{
[...]
        cgroup_release(p);
        write_lock_irq(&tasklist_lock);
        ptrace_release_task(p);
        thread_pid = get_pid(p->thread_pid);
        __exit_signal(p);
[...]
}

static void __exit_signal(struct task_struct *tsk)
{
[...]
        add_device_randomness((const void*) &tsk->se.sum_exec_runtime,
                              sizeof(unsigned long long));
[...]
}

Apparently the data that is being read by add_device_randomness() is
being modified while it's being read. This would be whatever is in
`tsk->se.sum_exec_runtime`.

I'm not sure what's happening there, if this is "normal" and the task
can be scheduled out while exiting, causing the scheduler to add to
sum_exec_runtime, or what. CCing some people who seem to have touched
this code, and maybe that'll help illuminate things.

Thanks,
Jason
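
Added example, not part of the message above and not kernel code: a deterministic userspace simulation of the reported pattern, where a byte-at-a-time reader is handed a pointer to a live 64-bit counter that is updated mid-read, next to the same reader fed a local snapshot. `struct fake_se`, `bytewise_consume()`, `read_live()` and `read_snapshot()` are hypothetical names, and the `writer_at` parameter is an assumption that stands in for the concurrent writer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the field read in __exit_signal(); not the kernel struct. */
struct fake_se { uint64_t sum_exec_runtime; };

/* Hypothetical consumer that walks its input one byte at a time, like the
 * 1-byte reads in the report. The "concurrent" store is simulated: it lands
 * after writer_at bytes have been read (writer_at >= len means no store). */
static uint64_t bytewise_consume(const void *buf, size_t len,
                                 struct fake_se *se, size_t writer_at,
                                 uint64_t new_value)
{
    const volatile uint8_t *p = buf;
    uint8_t seen[sizeof(uint64_t)] = {0};
    uint64_t out;

    for (size_t i = 0; i < len && i < sizeof(seen); i++) {
        if (i == writer_at)
            se->sum_exec_runtime = new_value;   /* the racing update */
        seen[i] = p[i];
    }
    memcpy(&out, seen, sizeof(out));
    return out;                                 /* what the reader observed */
}

/* Racy pattern: the consumer gets a pointer to the live field. */
static uint64_t read_live(struct fake_se *se, size_t writer_at, uint64_t nv)
{
    return bytewise_consume(&se->sum_exec_runtime, 8, se, writer_at, nv);
}

/* Snapshot pattern: one full-width load into a local, then consume that. */
static uint64_t read_snapshot(struct fake_se *se, size_t writer_at, uint64_t nv)
{
    uint64_t snap = se->sum_exec_runtime;
    return bytewise_consume(&snap, 8, se, writer_at, nv);
}

int main(void)
{
    struct fake_se a = { 0x00000000FFFFFFFFULL }, b = a;   /* constructed values */
    printf("live:     %#018llx\n",
           (unsigned long long)read_live(&a, 4, 0x0000000100000000ULL));
    printf("snapshot: %#018llx\n",
           (unsigned long long)read_snapshot(&b, 4, 0x0000000100000000ULL));
    return 0;
}
```

The live read returns a value that is neither the old nor the new counter, while the snapshot read returns the old value intact.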
