linux-wireless.vger.kernel.org archive mirror
From: Ben Greear <greearb@candelatech.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Linux Wireless List <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH] nl80211: fix attrbuf access race by allocating a separate one
Date: Wed, 19 Jun 2013 09:57:35 -0700
Message-ID: <51C1E2FF.3030309@candelatech.com>
In-Reply-To: <1371630238.8349.6.camel@jlt4.sipsolutions.net>

On 06/19/2013 01:23 AM, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@intel.com>
>
> Since my commit 3713b4e364, nl80211_dump_wiphy() uses the global
> nl80211_fam.attrbuf for parsing the incoming data. This wouldn't
> be a problem if it only did so on the first dump iteration which
> is locked against other commands in generic netlink, but due to
> space constraints in cb->args (the needed state doesn't fit) I
> decided to always parse the original message. That's racy though
> since nl80211_fam.attrbuf could be used by some other parsing in
> generic netlink concurrently.
>
> For now, fix this by allocating a separate parse buffer (it's a
> bit too big for the stack, currently 1448 bytes on 64-bit). For
> -next, I'll change the code to parse into the global buffer in
> the first round only and then allocate a smaller buffer to keep
> the state in cb->args.

The commit mentioned above (3713b4e364) is in 3.9.6, but this patch
doesn't come close to applying on my 3.9.6.

Do you happen to know if this should be backported to 3.9 stable or not?

Thanks,
Ben


-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
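
The race described in the quoted commit message, as an added userspace model that is not part of this message or of the kernel patch: a dump iteration parses into a shared buffer while another command's parse overwrites it, next to the separate-allocation shape the fix uses. All names here (`shared_attrbuf`, `dump_iter_shared`, `dump_iter_private`, the `interleave` hook) and the message contents are hypothetical, and the concurrent parse is injected deterministically rather than run on a second thread.

```c
#include <stdlib.h>
#include <string.h>

#define ATTR_MAX 4                        /* constructed size for the model */
struct msg { int attrs[ATTR_MAX]; };      /* stand-in for a netlink message */
static int shared_attrbuf[ATTR_MAX];      /* models the global parse buffer */

/* Stand-in for attribute parsing: fills tb[] from the message. */
static void parse(const struct msg *m, int *tb)
{
    memcpy(tb, m->attrs, sizeof(m->attrs));
}

/* Hook that models another command being parsed at the same moment. */
static void (*interleave)(void);
static const struct msg other_cmd = { { 9, 9, 9, 9 } };   /* constructed */
static void concurrent_parse(void) { parse(&other_cmd, shared_attrbuf); }

/* Racy shape: a later dump iteration is not locked against other
 * commands, yet it parses into the shared buffer and reads it back. */
static int dump_iter_shared(const struct msg *m)
{
    parse(m, shared_attrbuf);
    if (interleave)
        interleave();                     /* window where the buffer is clobbered */
    return shared_attrbuf[0];
}

/* Fixed shape: each iteration parses into its own heap buffer. */
static int dump_iter_private(const struct msg *m)
{
    int *tb = calloc(ATTR_MAX, sizeof(*tb));
    int v;
    if (!tb)
        return -1;                        /* kernel code would return -ENOMEM */
    parse(m, tb);
    if (interleave)
        interleave();                     /* same window, but tb is untouched */
    v = tb[0];
    free(tb);
    return v;
}

int main(void)
{
    const struct msg m = { { 1, 2, 3, 4 } };               /* constructed */
    interleave = concurrent_parse;
    return !(dump_iter_shared(&m) == 9 && dump_iter_private(&m) == 1);
}
```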



Thread overview: 13+ messages
2013-06-19  1:46 nl80211 NULL pointer dereference Linus Torvalds
2013-06-19  2:06 ` David Miller
2013-06-19  2:24   ` Linus Torvalds
2013-06-19  7:47     ` David Miller
2013-06-19  7:54     ` Johannes Berg
2013-06-19  8:23       ` [PATCH] nl80211: fix attrbuf access race by allocating a separate one Johannes Berg
2013-06-19  8:39         ` David Miller
2013-06-19 13:51           ` John W. Linville
2013-06-19 13:44         ` Sergei Shtylyov
2013-06-19 16:26         ` Linus Torvalds
2013-06-19 16:57         ` Ben Greear [this message]
2013-06-19 17:00           ` Johannes Berg
2013-06-19 17:04             ` Ben Greear
