lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 23 Apr 2007 13:43:35 -0400
From:	Vlad Yasevich <vladislav.yasevich@...com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	netdev@...r.kernel.org,
	"bugme-daemon@...nel-bugs.osdl.org" 
	<bugme-daemon@...zilla.kernel.org>, matthias.kaehlcke@...il.com,
	lksctp-developers@...ts.sourceforge.net
Subject: Re: [Bugme-new] [Bug 8342] New: sctp_getsockopt_local_addrs_old()
 calls copy_to_user() while a spinlock is held

Andrew Morton wrote:
> On Mon, 16 Apr 2007 14:34:22 -0700
> bugme-daemon@...zilla.kernel.org wrote:
> 
>> http://bugzilla.kernel.org/show_bug.cgi?id=8342
>>
>>            Summary: sctp_getsockopt_local_addrs_old() calls copy_to_user()
>>                     while a spinlock is held
>>     Kernel Version: 2.6.20
>>             Status: NEW
>>           Severity: normal
>>              Owner: acme@...stprotocols.net
>>          Submitter: matthias.kaehlcke@...il.com
>>
>>
>> Problem Description:
>>
>> sctp_getsockopt_local_addrs_old() in net/sctp/socket.c calls copy_to_user()
>> while the spinlock addr_lock is held. this should not be done as copy_to_user()
>> might sleep. the call to sctp_copy_laddrs_to_user() while holding the lock is
>> also problematic as it calls copy_to_user()
>>
> 
> yup.

Thanks for reporting.

The area of this particular lock is quite ugly and will need to be cleaned up.
In the mean time, here is a patch that fixes this for now.

-vlad

View attachment "p" of type "text/plain" (7271 bytes)

Powered by blists - more mailing lists