| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <462CF047.3050809@hp.com>
Date: Mon, 23 Apr 2007 13:43:35 -0400
From: Vlad Yasevich <vladislav.yasevich@...com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: netdev@...r.kernel.org,
"bugme-daemon@...nel-bugs.osdl.org"
<bugme-daemon@...zilla.kernel.org>, matthias.kaehlcke@...il.com,
lksctp-developers@...ts.sourceforge.net
Subject: Re: [Bugme-new] [Bug 8342] New: sctp_getsockopt_local_addrs_old()
calls copy_to_user() while a spinlock is held
Andrew Morton wrote:
> On Mon, 16 Apr 2007 14:34:22 -0700
> bugme-daemon@...zilla.kernel.org wrote:
>
>> http://bugzilla.kernel.org/show_bug.cgi?id=8342
>>
>> Summary: sctp_getsockopt_local_addrs_old() calls copy_to_user()
>> while a spinlock is held
>> Kernel Version: 2.6.20
>> Status: NEW
>> Severity: normal
>> Owner: acme@...stprotocols.net
>> Submitter: matthias.kaehlcke@...il.com
>>
>>
>> Problem Description:
>>
>> sctp_getsockopt_local_addrs_old() in net/sctp/socket.c calls copy_to_user()
>> while the spinlock addr_lock is held. this should not be done as copy_to_user()
>> might sleep. the call to sctp_copy_laddrs_to_user() while holding the lock is
>> also problematic as it calls copy_to_user()
>>
>
> yup.
Thanks for reporting.
The area of this particular lock is quite ugly and will need to be cleaned up.
In the mean time, here is a patch that fixes this for now.
-vlad
View attachment "p" of type "text/plain" (7271 bytes)
Powered by blists - more mailing lists