lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 27 Apr 2023 20:51:48 +0900
From:   sangsup lee <k1rh4.lee@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Srinivas Kandagatla <srinivas.kandagatla@...aro.org>,
        Amol Maheshwari <amahesh@....qualcomm.com>,
        Arnd Bergmann <arnd@...db.de>, linux-arm-msm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] misc: fastrpc: Fix a Use after-free-bug by race condition

I reported fastrpc bug in
Feb,2023.(https://lore.kernel.org/lkml/20230216014120.3110-1-k1rh4.lee@gmail.com)

And Srinivas recommended this patch code for patch v2.
That's why I sent this patch v2 however, I haven't received any reply
after that.

I just want to know the next step for patching this code.
Should I just keep waiting ? Or Please let me know if I need to
provide you with more information.

(Ps. I'm sorry, i re-send this reply because of missing text-mode )

Best regards.

2023년 4월 27일 (목) 오후 6:52, Greg Kroah-Hartman <gregkh@...uxfoundation.org>님이 작성:
>
> On Thu, Apr 27, 2023 at 06:29:16PM +0900, sangsup lee wrote:
> > Is there any comment for this issue?
>
> What issue?
>
> > (reference: https://www.spinics.net/lists/kernel/msg4731408.html)
>
> Please use lore.kernel.org links, we have no control over any other
> random email archive .
>
> And the above link just points to this proposed patch.
>
> >
> >
> > 2023년 3월 23일 (목) 오전 10:37, Sangsup Lee <k1rh4.lee@...il.com>님이 작성:
> > >
> > > From: Sangsup lee <k1rh4.lee@...il.com>
> > >
> > > This patch adds mutex_lock for fixing an Use-after-free bug.
> > > fastrpc_req_munmap_impl can be called concurrently in multi-threded environments.
> > > The buf which is allocated by list_for_each_safe can be used after another thread frees it.
>
> How was this tested?
>
> > >
> > > Signed-off-by: Sangsup lee <k1rh4.lee@...il.com>
> > > ---
> > >  V1 -> V2: moving the locking to ioctl.
> > >
> > >  drivers/misc/fastrpc.c | 2 ++
> > >  1 file changed, 2 insertions(+)
> > >
> > > diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> > > index 93ebd174d848..aa1cf0e9f4ed 100644
> > > --- a/drivers/misc/fastrpc.c
> > > +++ b/drivers/misc/fastrpc.c
> > > @@ -1901,7 +1901,9 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int cmd,
> > >                 err = fastrpc_req_mmap(fl, argp);
> > >                 break;
> > >         case FASTRPC_IOCTL_MUNMAP:
> > > +               mutex_lock(&fl->mutex);
> > >                 err = fastrpc_req_munmap(fl, argp);
> > > +               mutex_unlock(&fl->mutex);
>
> Are you sure you can call this function with the lock?  If so, why isn't
> the mmap ioctl also locked?
>
> thanks,
>
> greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ