[question] should 363b02dab09b3 be backported to stable 4.1+?

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: ebiggers3@gmail.com (Eric Biggers)
To: linux-security-module@vger.kernel.org
Subject: [question] should 363b02dab09b3 be backported to stable 4.1+?
Date: Thu, 14 Dec 2017 19:58:00 -0800	[thread overview]
Message-ID: <20171215035800.GA891@zzz.localdomain> (raw)
In-Reply-To: <20171215024706.GB11199@jagdpanzerIV>

Hi Sergey,

On Fri, Dec 15, 2017 at 11:47:06AM +0900, Sergey Senozhatsky wrote:
> Hello David, Eric,
> 
> please help me out.
> 
> I'm looking at 363b02dab09b ("KEYS: Fix race between updating and finding
> a negative key") right now. So, I see that it has been backported to stable
> 4.4+. My question is -- do we have those test_bit(KEY_FLAG_INSTANTIATED)
> and test_bit(KEY_FLAG_NEGATIVE) races in stable 4.1?
> 

Before 4.4 (146aa8b1453), ->reject_error was in union with ->type_data rather
than ->payload, and no key types that used ->type_data implemented ->update().
Therefore it was not possible to reproduce the crash.

I do see there was another possible race, only theoretically a problem on
architectures with weaker memory ordering than x86, where a key being negatively
instantiated could be momentarily observed to be positively instantiated.  But
even then I don't see where it could be a real problem.  (Note that most users
wait for KEY_FLAG_USER_CONSTRUCT rather than checking KEY_FLAG_INSTANTIATED
directly.)

You're free to backport the commit if you want to be absolutely sure, though I'd
personally be more worried about other backports that might have been missed,
and the bugs that haven't been found yet.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2017-12-15  3:58 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-15  2:47 [question] should 363b02dab09b3 be backported to stable 4.1+? Sergey Senozhatsky
2017-12-15  3:58 ` Eric Biggers [this message]
2017-12-15  5:08   ` Sergey Senozhatsky

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171215035800.GA891@zzz.localdomain \
    --to=ebiggers3@gmail.com \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).