lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <caa4f006-6c74-4e16-961f-23ea90e26606@suse.com>
Date: Tue, 2 Jul 2024 12:15:57 +0200
From: Juergen Gross <jgross@...e.com>
To: Viresh Kumar <viresh.kumar@...aro.org>,
 Stefano Stabellini <sstabellini@...nel.org>,
 Oleksandr Tyshchenko <oleksandr_tyshchenko@...m.com>
Cc: Vincent Guittot <vincent.guittot@...aro.org>,
 Alex Bennée <alex.bennee@...aro.org>,
 Manos Pitsidianakis <manos.pitsidianakis@...aro.org>,
 Paolo Bonzini <pbonzini@...hat.com>, Al Viro <viro@...iv.linux.org.uk>,
 xen-devel@...ts.xenproject.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] xen: privcmd: Fix possible access to a freed kirqfd
 instance

On 18.06.24 11:42, Viresh Kumar wrote:
> Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and
> privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd
> created and added to the irqfds_list by privcmd_irqfd_assign() may get
> removed by another thread executing privcmd_irqfd_deassign(), while the
> former is still using it after dropping the locks.
> 
> This can lead to a situation where an already freed kirqfd instance may
> be accessed and cause kernel oops.
> 
> Use SRCU locking to prevent the same, as is done for the KVM
> implementation for irqfds.
> 
> Reported-by: Al Viro <viro@...iv.linux.org.uk>
> Suggested-by: Paolo Bonzini <pbonzini@...hat.com>
> Signed-off-by: Viresh Kumar <viresh.kumar@...aro.org>

Reviewed-by: Juergen Gross <jgross@...e.com>


Juergen


Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes)

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ