| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Sep 2022 10:39:14 +0200
From: Christian Brauner <brauner@...nel.org>
To: Oleksandr Tymoshenko <ovt@...gle.com>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] seccomp: fix refcounter leak if fork/clone is terminated
On Fri, Sep 02, 2022 at 03:41:35AM +0000, Oleksandr Tymoshenko wrote:
> release_task, where the seccomp's filter refcounter is released, is not
> called for the case when the fork/clone is terminated midway by a
> signal. This leaves an extra reference that prevents filter from being
> destroyed even after all processes using it exit leading to a BPF JIT
> memory leak. Dereference the refcounter in the failure path of the
> copy_process function.
>
> Fixes: 3a15fb6ed92c ("seccomp: release filter after task is fully dead")
> Cc: Christian Brauner <brauner@...nel.org>
> Cc: stable@...r.kernel.org
> Signed-off-by: Oleksandr Tymoshenko <ovt@...gle.com>
> ---
Hey Oleksandr,
Thanks for the patch! I'm really puzzled as to why we never noticed this
and I'm trying to re-architect how this happend. But in any case,
there's a patch in the seccomp tree that fixes this:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?id=6d17452707ca
which is slighly different from your approach in that it moves
copy_seccomp() after the point of no return. Let us know if you see any
issues with this!
Christian
Powered by blists - more mailing lists