Open Source and information security mailing list archives
Date: Fri, 1 Mar 2024 17:55:15 +0800
From: Wenchao Hao <haowenchao2@...wei.com>
To: Jason Gunthorpe <jgg@...pe.ca>, Leon Romanovsky <leon@...nel.org>, Wenchao
 Hao <haowenchao2@...wei.com>, <linux-rdma@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: [PATCH] RDMA/restrack: Fix potential invalid address access

struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME
in ib_create_cq(). If the module exited but forgot to delete this
rdma_restrack_entry, it would cause an invalid address access in
rdma_restrack_clean() when printing the owner of this rdma_restrack_entry.

Fix this issue by using kstrdup() to set rdma_restrack_entry's
kern_name.

Signed-off-by: Wenchao Hao <haowenchao2@...wei.com>
---
 drivers/infiniband/core/restrack.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/infiniband/core/restrack.c b/drivers/infiniband/core/restrack.c
index 01a499a8b88d..6605011c4edc 100644
--- a/drivers/infiniband/core/restrack.c
+++ b/drivers/infiniband/core/restrack.c
@@ -177,7 +177,8 @@ static void rdma_restrack_attach_task(struct rdma_restrack_entry *res,
 void rdma_restrack_set_name(struct rdma_restrack_entry *res, const char *caller)
 {
 	if (caller) {
-		res->kern_name = caller;
+		kfree(res->kern_name);
+		res->kern_name = kstrdup(caller, GFP_KERNEL);
 		return;
 	}
 
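Review bot: The kstrdup() result in rdma_restrack_set_name() is never checked, and the function returns void, so an allocation failure silently leaves res->kern_name NULL with no way for the caller to notice. Either handle the NULL case explicitly (for example with kstrdup_const()/kfree_const(), which avoids the allocation for strings in .rodata but would not solve the module-unload case on its own, or by changing the return type to int) or document that consumers of kern_name must tolerate NULL. Two further points on the same lines: GFP_KERNEL may sleep, so it is worth confirming that every caller of rdma_restrack_set_name() runs in a sleepable context, and the new kfree(res->kern_name) is only safe if no remaining path stores a non-heap pointer (such as a KBUILD_MODNAME literal) directly into kern_name.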
@@ -195,7 +196,7 @@ void rdma_restrack_parent_name(struct rdma_restrack_entry *dst,
 			       const struct rdma_restrack_entry *parent)
 {
 	if (rdma_is_kernel_res(parent))
-		dst->kern_name = parent->kern_name;
+		dst->kern_name = kstrdup(parent->kern_name, GFP_KERNEL);
 	else
 		rdma_restrack_attach_task(dst, parent->task);
 }
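Review bot: In rdma_restrack_parent_name() the new assignment overwrites dst->kern_name without freeing the previous value, whereas rdma_restrack_set_name() in the first hunk calls kfree(res->kern_name) before assigning. If dst can already carry a duplicated name when this runs, the old copy is leaked; add the same kfree(dst->kern_name) here or state why dst is always fresh. The kstrdup() result is also unchecked on this path, so a failed allocation leaves a kernel-owned entry with a NULL kern_name.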
@@ -306,6 +307,7 @@ static void restrack_release(struct kref *kref)
 		put_task_struct(res->task);
 		res->task = NULL;
 	}
+	kfree(res->kern_name);
 	complete(&res->comp);
 }
 
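Review bot: The kfree(res->kern_name) added to restrack_release() leaves the pointer dangling, while the lines just above clear res->task = NULL after put_task_struct(). Setting res->kern_name = NULL after the free would keep the two fields consistent and make any later read of the entry after complete(&res->comp) fail safely instead of touching freed memory. It would also help to note in the commit message that entries a module never deletes are not released here, so their duplicated name stays allocated until rdma_restrack_clean() prints and disposes of them.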
-- 
2.32.0

