lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 17 May 2015 21:58:02 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Ying Xue <ying.xue@...driver.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	alexei@...estorage.com, joern@...estorage.com, ja@....bg
Subject: Re: [PATCH net-next 2/6] neigh: fix a possible leak issue of neigh
 entry

On Mon, 2015-05-18 at 11:24 +0800, Ying Xue wrote:

> If the issue of "neigh use-after-free" is fixed by the first patch although you
> said the atomic_read() was not safe for us, is the patch still wrong? If it's
> really wrong, can you please give more detailed explanation to help me
> understand why the change is wrong and but why a similar timer usage in
> sk_reset_timer() is not wrong?

Why do you believe sk_reset_timer() would be wrong ?

Difference between neigh_add_timer() and sk_reset_timer() is very
simple :

neigh_add_timer() must be called while the timer is not yet armed.

sk_reset_timer() can be called while timer is already armed.

You are changing neigh_add_timer() for no good reason, just because you
want it to be 'like sk_reset_timer()' ?



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ