| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240821160316.02c03c44@gandalf.local.home> Date: Wed, 21 Aug 2024 16:03:16 -0400 From: Steven Rostedt <rostedt@...dmis.org> To: tglozar@...hat.com Cc: linux-trace-kernel@...r.kernel.org, linux-kernel@...r.kernel.org, jkacur@...hat.com, "Luis Claudio R. Goncalves" <lgoncalv@...hat.com> Subject: Re: [PATCH] tracing/timerlat: Check tlat_var for NULL in timerlat_fd_release On Tue, 20 Aug 2024 15:00:01 +0200 tglozar@...hat.com wrote: > From: Tomas Glozar <tglozar@...hat.com> > > When running timerlat with a userspace workload (NO_OSNOISE_WORKLOAD), > NULL pointer dereference can be triggered by sending consequent SIGINT > and SIGTERM signals to the workload process. That then causes > timerlat_fd_release to be called twice in a row, and the second time, > hrtimer_cancel is called on a zeroed hrtimer struct, causing the NULL > dereference. > > This can be reproduced using rtla: > ``` > $ while true; do rtla timerlat top -u -q & PID=$!; sleep 5; \ > kill -INT $PID; sleep 0.001; kill -TERM $PID; wait $PID; done > [1] 1675 > [1]+ Aborted (SIGTERM) rtla timerlat top -u -q > [1] 1688 > client_loop: send disconnect: Broken pipe > ``` > triggering the bug: I'm able to reproduce this with the above. Unfortunately, I can still reproduce it after applying this patch :-( Looking at the code, the logic for handling the kthread seems off. I'll spend a little time to see if I can figure it out. -- Steve
Powered by blists - more mailing lists