| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Nov 2009 04:41:16 -0800 (PST) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: amwang@...hat.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [Patch] net: fix incorrect counting in __scm_destroy() From: Eric Dumazet <eric.dumazet@...il.com> Date: Wed, 04 Nov 2009 11:29:05 +0100 > Given we kfree(fpl) at the end of loop, we cannot recursively call > __scm_destroy() on same fpl, it would be a bug anyway ? > > So you probably need something better, like testing fpl->list being > not re-included in current->scm_work_list before kfree() it I can't even see what the problem is. The code is designed such that the ->count only matters for the top level. If we recursively fput() and get back here, we'll see that there is someone higher in the call chain already running the fput() loop and we'll just list_add_tail(). The inner while() loop will make sure we process such entries once we get back to the top level and exit the for() loop. Amerigo, please show us the problematic code path where the counts go wrong and this causes problems. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists