From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
Subject: Re: ucount: use-after-free read in inc_ucount & dec_ucount
Date: Mon, 06 Mar 2017 10:33:15 -0600
Message-ID: <87a88y4b78.fsf@xmission.com>
References: <180fb7dc-790e-8e82-0cc1-c6e15ddcd20b@gmail.com> <87pohy1fx6.fsf@xmission.com> <1aafd5e9-d9de-e5d9-a77d-cf245c5a5c6a@gmail.com> <87efybfnh2.fsf@xmission.com>
In-Reply-To: (Dmitry Vyukov's message of "Mon, 6 Mar 2017 10:13:45 +0100")
To: Dmitry Vyukov
Cc: syzkaller, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, Jan Kara, 쪼르
List-Id: containers.vger.kernel.org

Dmitry Vyukov <dvyukov@google.com> writes:

> On Sun, Mar 5, 2017 at 10:00 PM, Eric W. Biederman
> <ebiederm@xmission.com> wrote:
>> 쪼르 <zzoru007@gmail.com> writes:
>>
>>> Hi, This is my new one report about dec_ucount:
>>> ps.Sorry for my uncomfortable report. This is my first usage of lkml.
>>> Syzkaller hit 'KASAN: use-after-free Read in dec_ucount' bug on commit
>>> .
>>
>> You are doing well.  Thank you very much for the report.
>>
>> Thank you for the reproducer.  Unfortunately I am not able to reproduce
>> the bug with what the code you have posted here.
>>
>> From the initial mailing the code said:
>>
>>> Syzkaller reproducer:
>>> # {Threaded:false Collide:false Repeat:true Procs:4 Sandbox:setuid
>>> Repro:false}
>>> inotify_init()
>>
>> The code you posted says:
>>
>>> Syzkaller reproducer:
>>> # {Threaded:false Collide:false Repeat:true Procs:1 Sandbox:setuid Repro:false}
>>> semget$private(0x0, 0x400001003, 0x181)
>>
>> So I expect syzkaller did not create the same code when you ran it
>> again.  Something easy to miss if you haven't run used a tool like that
>> much.
>>
>> If someone knows how to get the code that syzkaller would generate that
>> matches the original reproducer I would very much appreciate it so that
>> we can confirm the bug we have spotted in the code is the bug syzkaller
>> found.
>>
>> Until that point I am going to fix the obvious bug in the code and hope
>> that fixes the problem.
>
>
> Reliably reproducing such bugs is not possible (how would you expect
> it to look like?). Your best bet is to write a stress test that
> provokes the bug, add some sleeps into kernel code and run it for a
> while with KASAN. Should be reproducible within minutes.

I was not asking for a reliable reproducer.  I was asking what code was
run that triggered the error.

I don't have a clue what the randomly generated code that prompted the
original kernel error is and it doesn't appear anyone else does either.

The only hint I have is:
>>> Syzkaller reproducer:
>>> # {Threaded:false Collide:false Repeat:true Procs:4 Sandbox:setuid
>>> Repro:false}
>>> inotify_init()

The code that was posted did not call inotify_init and so I believe that
was a completely different random piece of code, that has nothing to do
with this issue.

I don't know syzkaller and it looks non-trivial to install on my system
and play around with.  So I am going to leave futzing with syzkaller to
people who have been able to figure it out.

Until I have a reasonable understanding of what the code was doing that
triggered the error I can't say with any certainty that the reported bug
was fixed.

I would love to be able to say that it looks like the bug that caused
the error report was fixed.

Eric