lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Dec 2022 14:45:01 +0200 From: Alexander Atanasov <alexander.atanasov@...tuozzo.com> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org> Cc: kernel@...nvz.org, Alexander Atanasov <alexander.atanasov@...tuozzo.com>, linux-kernel@...r.kernel.org Subject: [PATCH] devtmpfs: move NULLing the thread pointer before unregistering fs In commit 31c779f293b3 ("devtmpfs: fix the dangling pointer of global devtmpfsd thread") a dangling pointer on an error condition was fixed. But the fix left the dangling pointer during unregister_filesystem and printk calls. Improve the fix to clear the pointer before unregistration to close the window where the dangling pointer can be potentially used. Make it clear the pointer at only one place in the function. Signed-off-by: Alexander Atanasov <alexander.atanasov@...tuozzo.com> --- drivers/base/devtmpfs.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c index e4bffeabf344..773e66ef5642 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -472,17 +472,15 @@ int __init devtmpfs_init(void) } thread = kthread_run(devtmpfsd, &err, "kdevtmpfs"); - if (!IS_ERR(thread)) { + if (!IS_ERR(thread)) wait_for_completion(&setup_done); - } else { + else err = PTR_ERR(thread); - thread = NULL; - } if (err) { + thread = NULL; printk(KERN_ERR "devtmpfs: unable to create devtmpfs %i\n", err); unregister_filesystem(&dev_fs_type); - thread = NULL; return err; } base-commit: b7b275e60bcd5f89771e865a8239325f86d9927d -- 2.31.1
Powered by blists - more mailing lists