lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <crrdw3y2mgkhkgnuvgemuyy6px5hfru5yadhqu3jrhvkbkbec7@kiat7q7jbav6>
Date: Wed, 19 Nov 2025 01:07:34 -0800
From: Breno Leitao <leitao@...ian.org>
To: Gustavo Luiz Duarte <gustavold@...il.com>
Cc: Andre Carvalho <asantostc@...il.com>, Simon Horman <horms@...nel.org>, 
	Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>, 
	Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next v2 3/4] netconsole: Dynamic allocation of
 userdata buffer

> > >  static ssize_t userdatum_value_store(struct config_item *item, const char *buf,
> > > @@ -937,7 +953,9 @@ static ssize_t userdatum_value_store(struct config_item *item, const char *buf,
> > >
> > >       ud = to_userdata(item->ci_parent);
> > >       nt = userdata_to_target(ud);
> > > -     update_userdata(nt);
> > > +     ret = update_userdata(nt);
> > > +     if (ret < 0)
> > > +             goto out_unlock;
> > >       ret = count;
> > >  out_unlock:
> > >       mutex_unlock(&dynamic_netconsole_mutex);
> > > @@ -1193,7 +1211,10 @@ static struct configfs_attribute *netconsole_target_attrs[] = {
> > >
> > >  static void netconsole_target_release(struct config_item *item)
> > >  {
> > > -     kfree(to_target(item));
> > > +     struct netconsole_target *nt = to_target(item);
> >
> > Thinking about this now, I suppose netconsole might be reading this in
> > parallel, and then we are freeing userdata mid-air.
> >
> > Don't we need the target_list_lock in here ?
> 
> This method is called after drop_netconsole_target(), which removes
> the target from target_list. This guarantees that we won't race with
> write_ext_msg().
> Also, a config_group cannot be removed while it still has child items.
> This guarantees that we won't race with userdata or attribute
> operations.
> So I believe this is safe.

Thanks for checking it!

--breno

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ