| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALbr=LacbaugBceAEf65uT9xhQsxF99zo4jXqNUELqb=2t_9cg@mail.gmail.com> Date: Tue, 20 Jan 2026 20:46:46 +0800 From: Gui-Dong Han <hanguidong02@...il.com> To: Markus Elfring <Markus.Elfring@....de> Cc: linux-media@...r.kernel.org, stable@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>, Jia-Ju Bai <baijiaju1990@...il.com>, Hans Verkuil <hverkuil+cisco@...nel.org>, Mauro Carvalho Chehab <mchehab@...nel.org> Subject: Re: [PATCH v2] media: dvb_demux: fix potential TOCTOU race conditions On Tue, Jan 20, 2026 at 8:38 PM Markus Elfring <Markus.Elfring@....de> wrote: > > … > > Fix this by extending the lock scope. > … > > How do you think about to increase the application of scope-based resource management? > https://elixir.bootlin.com/linux/v6.19-rc5/source/include/linux/mutex.h#L253 I did not use scope-based resource management because it was introduced into the kernel relatively recently. Since this patch fixes a bug that has existed for a long time and needs to be backported to older stable kernels, using standard mutex locking ensures better compatibility and easier backporting. > > This possible bug was found by our experimental static analysis tool, > > which analyzes lock usage to detect TOCTOU issues. > > * Do you refer to any other source code analysis approach than LR-Miner? > > * Will any additional background information become more helpful here? This is a new experimental static analysis tool we are developing. There is no additional background information to share at this moment. Thanks.
Powered by blists - more mailing lists