lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Sep 2022 06:52:56 +0900 From: asmadeus@...ewreck.org To: Christian Schoenebeck <linux_oss@...debyte.com> Cc: Leon Romanovsky <leon@...nel.org>, syzbot <syzbot+67d13108d855f451cafc@...kaller.appspotmail.com>, davem@...emloft.net, edumazet@...gle.com, ericvh@...il.com, kuba@...nel.org, linux-kernel@...r.kernel.org, lucho@...kov.net, netdev@...r.kernel.org, pabeni@...hat.com, syzkaller-bugs@...glegroups.com, v9fs-developer@...ts.sourceforge.net Subject: Re: [syzbot] KASAN: use-after-free Read in rdma_close Christian Schoenebeck wrote on Wed, Sep 28, 2022 at 02:57:07PM +0200: > OK, maybe it's just me, but ask yourself Leon, if you were the only guy left > (i.e. Dominique) still actively taking care for 9p, would those exactly be > motivating phrases for your efforts? Just saying. I didn't plan on replying (happy to disagree), but I'm actually grateful for Leon to have taken the time to look here: Thank you! While I probably would also have spotted the error (the change is fresh), it saved me time even if you account for some bikeshedding. (Not particularly happy with the amount of time I can allocate to 9p nor the maintainance work I'm doing by the way, but I guess it's better than leaving it completely unmaintained) > From technical perspective, yes, destruction in reverse order is usually the > better way to go. Whether I would carve that in stone, without any exception, > probably not. I think it's a tradeoff really. Unrolling in place is great, don't get me wrong, but it's also easy to miss things when adding code later on -- we actually just did that and got another kasan report which made me factor things in to future-proof the code. Having a single place of truth that knows how to "untangle" and properly free a struct, making sure it is noop for parts of the struct that haven't been initialized yet, is less of a burden for me to think about. ... Just happened to be wrong about the "making sure it's noop" part because I didn't check properly and my mental model had close functions noop on NULL clnt->priv, like free functions... (Uh, actually it is for RDMA, so the "problem" was that it left clnt->trans set after later errors -- but conversely virtio's close doesn't check so also had the problem and we really must ensure we don't close something not open) Anyway, I've sent a couple of patch (even fixing up the order to match in create/destroy), I'll consider this closed. -- Dominique
Powered by blists - more mailing lists