lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <tencent_7C66AC3C8B36B8978636E04B46744F77B109@qq.com>
Date: Sun, 23 Jun 2024 20:02:39 +0800
From: Edward Adam Davis <eadavis@...com>
To: pav@....fi
Cc: eadavis@...com,
	johan.hedberg@...il.com,
	linux-bluetooth@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	luiz.dentz@...il.com,
	marcel@...tmann.org,
	syzbot+35ebc808442df6420eae@...kaller.appspotmail.com,
	syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] Bluetooth: fix double free in hci_req_sync_complete

On Sun, 23 Jun 2024 13:30:50 +0300, Pauli Virtanen wrote:
> > cpu1                       cpu2
> > ====                       ====
> >                            sock_ioctl
> >                            sock_do_ioctl
> >                            hci_sock_ioctl
> > hci_rx_work                hci_dev_cmd
> > hci_event_packet           hci_req_sync
> > req_complete_skb           __hci_req_sync
> > hci_req_sync_complete
> >
> > If hci_rx_work executes before __hci_req_sync releases req_skb, everything
> > is normal, otherwise it will result in double free of req_skb.
> >
> > Adding NULL check of req_skb before releasing it can avoid double free.
> 
> Do you understand why?
> 
> kfree_skb(NULL) is allowed, so this is logically a no-op.
> 
> Probably it perturbs the timings so syzkaller repro no longer hits the
> race window, ie doesn't fix the issue.
Good, even if you already know race, let me ask you a question: how to reduce race window?

``
Edward


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ