Message-ID: <CAJedcCzDz6zEn2c2fb10DsJGGw1H1RWC98Fsr+x3sF5e-E43Sg@mail.gmail.com>
Date: Thu, 27 Oct 2022 11:48:27 +0800
From: Zheng Hacker <hackerzheng666@...il.com>
To: Dimitri Sivanich <sivanich@....com>
Cc: Zheng Wang <zyytlz.wz@....com>, gregkh@...uxfoundation.org,
zhengyejian1@...wei.com, dimitri.sivanich@....com, arnd@...db.de,
linux-kernel@...r.kernel.org, alex000young@...il.com,
security@...nel.org
Subject: Re: [PATCH v4] misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
On Wed, 19 Oct 2022 at 22:00, Dimitri Sivanich <sivanich@....com> wrote:
> In gru_set_context_option(), you are calling gru_unload_context() for all
> non-zero 'ret' values, but there are other instances where non-zero 'ret'
> values are being set that should not call gru_unload_context(). Maybe do
> this instead:
> if (gru_check_context_placement(gts)) {
> gru_unlock_gts(gts);
> gru_unload_context(gts, 1);
> return -EINVAL;
> }
>
> > }
> > break;
> > case sco_gseg_owner:
Yes, that's correct. I'll fix it later.
> > @@ -727,14 +728,16 @@ void gru_check_context_placement(struct gru_thread_state *gts)
> > */
> > gru = gts->ts_gru;
> > - gru_check_context_placement(gts);
> > + ret = gru_check_context_placement(gts);
> > + if (ret) {
>
> One suggestion, there is now no need to declare 'ret'. Do this instead:
> if (gru_check_context_placement(gts)) {
>
> > + preempt_enable();
> > + mutex_unlock(>s->ts_ctxlock);
> > + gru_unload_context(gts, 1);
> > + return VM_FAULT_NOPAGE;
> > + }
> >
> > if (!gts->ts_gru) {
> > STAT(load_user_context);
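Review bot: the hunk header's function context still reads `void gru_check_context_placement(struct gru_thread_state *gts)`, while the added `ret = gru_check_context_placement(gts);` relies on that function now returning a status; make sure the change of its return type, and of its prototype in the shared header, is part of the same patch so this hunk builds on its own. Also, the new failure path returns VM_FAULT_NOPAGE right after `gru_unload_context(gts, 1);`, and that return value tells the fault core the fault was handled and the access should simply be retried; a one-line comment stating that the retry is intended (the `if (!gts->ts_gru)` branch below reloads the context on the next fault) would help the next reader, as would a word on why a placement failure is not reported as VM_FAULT_SIGBUS instead.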
Get it! Thanks again for your advice :)
Regards,
Zheng Wang