| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <caa4f006-6c74-4e16-961f-23ea90e26606@suse.com> Date: Tue, 2 Jul 2024 12:15:57 +0200 From: Juergen Gross <jgross@...e.com> To: Viresh Kumar <viresh.kumar@...aro.org>, Stefano Stabellini <sstabellini@...nel.org>, Oleksandr Tyshchenko <oleksandr_tyshchenko@...m.com> Cc: Vincent Guittot <vincent.guittot@...aro.org>, Alex Bennée <alex.bennee@...aro.org>, Manos Pitsidianakis <manos.pitsidianakis@...aro.org>, Paolo Bonzini <pbonzini@...hat.com>, Al Viro <viro@...iv.linux.org.uk>, xen-devel@...ts.xenproject.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/2] xen: privcmd: Fix possible access to a freed kirqfd instance On 18.06.24 11:42, Viresh Kumar wrote: > Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and > privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd > created and added to the irqfds_list by privcmd_irqfd_assign() may get > removed by another thread executing privcmd_irqfd_deassign(), while the > former is still using it after dropping the locks. > > This can lead to a situation where an already freed kirqfd instance may > be accessed and cause kernel oops. > > Use SRCU locking to prevent the same, as is done for the KVM > implementation for irqfds. > > Reported-by: Al Viro <viro@...iv.linux.org.uk> > Suggested-by: Paolo Bonzini <pbonzini@...hat.com> > Signed-off-by: Viresh Kumar <viresh.kumar@...aro.org> Reviewed-by: Juergen Gross <jgross@...e.com> Juergen Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes) Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists