| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <38ef3ff9-b380-44f0-9315-8b3714b0948d@huaweicloud.com> Date: Fri, 22 Aug 2025 09:57:51 +0800 From: Chen Ridong <chenridong@...weicloud.com> To: Tejun Heo <tj@...nel.org> Cc: Baokun Li <libaokun1@...wei.com>, cgroups@...r.kernel.org, chenridong@...wei.com, gregkh@...uxfoundation.org, hannes@...xchg.org, linux-kernel@...r.kernel.org, lujialin4@...wei.com, mkoutny@...e.com, peterz@...radead.org, zhouchengming@...edance.com, Yang Erkun <yangerkun@...wei.com> Subject: Re: [PATCH] kernfs: Fix UAF in PSI polling when open file is released On 2025/8/20 9:46, Tejun Heo wrote: > Hello, > > On Mon, Aug 18, 2025 at 04:00:08PM +0800, Chen Ridong wrote: >>> A potential solution is to make the lifecycles of cgroup_file_ctx and >>> psi_trigger match the struct kernfs_open_file they're associated with. >>> Maybe we could just get rid of the kernfs_release_file call in >>> kernfs_drain_open_files? >>> >> >> Hi, Tj, what do you think about this solution? > > So, I think it's really fragile for a killed (drained) kernfs_open_file to > be reused after the corresponding @kn is resurrected. Once killed, that file > should stay dead. I think it'd be best if we can do this in a generic manner > rather than trying to fix it only for poll. > > kernfs_get_active() is the thing which gates active operations on the file. > Maybe we can add a wrapper, say, kernfs_get_active_of(struct > kernfs_open_file *of) which returns NULL if @of has already been killed or > the underlying @kn can't be activated? > > Thanks. > Thank you Tj, This is reasonable, I will try. -- Best regards, Ridong
Powered by blists - more mailing lists