lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALm+0cUytR3-0mcW3t24gcyP27UW3rpP5_+vpLVC3w70+0n6oQ@mail.gmail.com>
Date:   Thu, 7 Sep 2023 10:13:23 +0800
From:   Z qiang <qiang.zhang1211@...il.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     jiangshanlai@...il.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] workqueue: Fix UAF report by KASAN in pwq_release_workfn()

>
> On Wed, Sep 06, 2023 at 10:12:34AM +0800, Z qiang wrote:
> > Flush the pwq_release_worker is insufficient, the call_rcu() is
> > invoked to release wq
> > in pwq_release_workfn(), this is also asynchronous.
>
> But rcu_free_pwq() doesn't access wq or anything. The last access is from
> the work function.

The rcu_free_wq() will access wq->cpu_pwq or unbound_attrs,
but  at this time, the kfree(wq) may have been called in alloc_workqueue().

Thanks
Zqiang


>
> Thanks.
>
> --
> tejun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ