Message-ID: <Y7A9ssF/WPVDMUKl@kroah.com>
Date:   Sat, 31 Dec 2022 14:48:34 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Yoochan Lee <yoochan1026@...il.com>
Cc:     matt.hsiao@....com, arnd@...db.de, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] misc: hpilo: Fix use-after-free in ilo_open

A: http://en.wikipedia.org/wiki/Top_post
Q: Where do I find info about this thing called top-posting?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

A: No.
Q: Should I include quotations after my reply?

http://daringfireball.net/2007/07/on_top

On Sat, Dec 31, 2022 at 10:06:19PM +0900, Yoochan Lee wrote:
> Thanks.
> 
> Since I don't have a real device, it is difficult to verify the bug dynamically.
> However, this type of race condition (i.e., b/w remove device and
> fops) has been prevalently found recently[1-3].
> Therefore, I think this bug can be triggered if a real device exists.

And how can this device actually be removed from the system?  Is that
possible with this hardware?

> The main reason for this race condition (i.e., b/w detach and fops) is
> there is no proper lock mechanism.
> I think the detach device function is delayed until the other
> operations (e.g., fops) are finished.
> To this end, I use kref to wait for the other operations.

And again, this is not the correct solution as you have way too many
reference counts happening here.  Please become more familiar with how
these all work before adding another one and causing more problems like
this patch did :(

> The tool I am making is currently under development, and it can find
> the race condition between detach function and fops.

Then you MUST document this as it looks like your tool needs work.
Please read Documentation/process/researcher-guidelines.rst for what you
MUST do if you use a tool to find "issues" and send out random patches.

good luck!

greg k-h
