| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230907221016.2978802-3-ninad@linux.ibm.com>
Date: Thu, 7 Sep 2023 17:10:16 -0500
From: Ninad Palsule <ninad@...ux.ibm.com>
To: jk@...abs.org, joel@....id.au, alistair@...ple.id.au,
eajames@...ux.ibm.com, linux-fsi@...ts.ozlabs.org,
linux-kernel@...r.kernel.org
Cc: Ninad Palsule <ninad@...ux.ibm.com>
Subject: [PATCH v1 2/2] fsi: sbefifo: Validate pending user write
This commit fails user write operation if previous write operation is
still pending.
As per the driver design write operation only prepares the buffer, the
actual FSI write is performed on next read operation. so if buggy
application sends two back to back writes or two parallel writes then
that could cause memory leak.
Signed-off-by: Ninad Palsule <ninad@...ux.ibm.com>
---
drivers/fsi/fsi-sbefifo.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/fsi/fsi-sbefifo.c b/drivers/fsi/fsi-sbefifo.c
index b771dff27f7f..824e2a921a25 100644
--- a/drivers/fsi/fsi-sbefifo.c
+++ b/drivers/fsi/fsi-sbefifo.c
@@ -874,6 +874,12 @@ static ssize_t sbefifo_user_write(struct file *file, const char __user *buf,
mutex_lock(&user->file_lock);
+ /* Previous write is still in progress */
+ if (user->pending_cmd) {
+ mutex_unlock(&user->file_lock);
+ return -EALREADY;
+ }
+
/* Can we use the pre-allocate buffer ? If not, allocate */
if (len <= PAGE_SIZE)
user->pending_cmd = user->cmd_page;
--
2.39.2
Powered by blists - more mailing lists