From: Oleg Nesterov <oleg@redhat.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: schwidefsky@de.ibm.com, linux-kernel@vger.kernel.org,
torvalds@linux-foundation.org, akpm@linux-foundation.org
Subject: Re: [PATCH] kernel/kmod: fix use-after-free of the sub_info structure
Date: Thu, 16 Oct 2014 23:58:34 +0200
Message-ID: <20141016215834.GA28864@redhat.com>
In-Reply-To: <201410170630.EBH48400.FSOHVQJOFMLtFO@I-love.SAKURA.ne.jp>

On 10/17, Tetsuo Handa wrote:
>
> Ah, I see. Here is a draft of an updated patch.

Do you mean this part

> sub_info->retval = retval;
> + /* wait_for_helper() will call umh_complete() if UMH_WAIT_PROC. */
> + if (wait != UMH_WAIT_PROC)
> + umh_complete(sub_info);
> + if (!retval)
> + return 0;
> do_exit(0);
> }
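
Review bot: the new comment above the `wait != UMH_WAIT_PROC` check says who completes in the UMH_WAIT_PROC case, but it does not state the rule the ordering depends on: once umh_complete(sub_info) has run, sub_info must not be dereferenced again, which is the use-after-free this thread is about. The `if (!retval)` that follows is safe only because it tests the local `retval` rather than `sub_info->retval`. Suggest extending the comment to say so, for example "sub_info may be gone after umh_complete(); use only the local retval from here on", so a later edit does not reintroduce a read of sub_info at that point.
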
?

Personally I agree, this looks a bit better to me. But this is cosmetic
and subjective, I leave this to Martin ;)

I also agree that the changelog could mention exec_mmap. Plus a comment
about UMH_NO_WAIT && sub_info->complete == NULL. So yes, perhaps v2 makes
sense if Martin agrees.

> By the way, it seems to me that nothing prevents
>
> 	if (info->cleanup)
> 		(*info->cleanup)(info);
>
> from crashing when info->cleanup points to a function in a loadable kernel
> module and the loadable kernel module got unloaded before the worker thread
> calls call_usermodehelper_freeinfo().

Just don't do this? I mean, in this case the caller of call_usermodehelper()
is obviously buggy? Or I missed your point?

Oleg.