| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YzyuDiQb6arOvUOm@codewreck.org>
Date: Wed, 5 Oct 2022 07:05:02 +0900
From: Dominique Martinet <asmadeus@...ewreck.org>
To: Christian Schoenebeck <linux_oss@...debyte.com>
Cc: v9fs-developer@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
Dan Carpenter <dan.carpenter@...cle.com>,
Leon Romanovsky <leon@...nel.org>,
syzbot+67d13108d855f451cafc@...kaller.appspotmail.com
Subject: Re: [PATCH 1/2] 9p: client_create/destroy: only call
trans_mod->close after create
Dominique Martinet wrote on Wed, Oct 05, 2022 at 06:51:13AM +0900:
> destroy code would incorrectly call close() if trans_mod exists after some
> hasty code cleanup: we need to make sure we only call close after create
>
> The new bool added to track this has been added in a hole of the struct
> and will not increase p9_client's size.
> It might be possible to do better with a bit more work, but that will
> have to do for now.
>
> Link: https://lkml.kernel.org/r/00000000000015ac7905e97ebaed@google.com
> Reported-by: syzbot+67d13108d855f451cafc@...kaller.appspotmail.com
> Reported-by: Leon Romanovsky <leon@...nel.org>
> Fixes: 3ff51294a055 ("9p: p9_client_create: use p9_client_destroy on failure")
Oh... Fixing tags for stable made me notice this actually wasn't merged
into 5.19 unlike what I thought, so we only have the original bug of
potentially freeing the idr with tags still in it.
That's a much smaller bug and I'll just remove the first
p9_client_destroy on failure patch for this merge window (small leak
that requires root on error) ; then we can take time to properly fix
this one way or another for next cycle.
--
Dominique
Powered by blists - more mailing lists