linux-kernel.vger.kernel.org archive mirror
From: Schspa Shi <schspa@gmail.com>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: mingo@redhat.com, peterz@infradead.org, juri.lelli@redhat.com,
	vincent.guittot@linaro.org, dietmar.eggemann@arm.com,
	rostedt@goodmis.org, bsegall@google.com, mgorman@suse.de,
	bristot@redhat.com, vschneid@redhat.com,
	linux-kernel@vger.kernel.org,
	syzbot+10d19d528d9755d9af22@syzkaller.appspotmail.com,
	syzbot+70d5d5d83d03db2c813d@syzkaller.appspotmail.com,
	syzbot+83cb0411d0fcf0a30fc1@syzkaller.appspotmail.com
Subject: Re: [PATCH] umh: fix UAF when the process is being killed
Date: Fri, 13 Jan 2023 13:42:05 +0800
Message-ID: <m2cz7j7zm2.fsf@gmail.com>
In-Reply-To: <Y6XC3Du9pFKQFNkt@bombadil.infradead.org>


Luis Chamberlain <mcgrof@kernel.org> writes:

> On Thu, Dec 22, 2022 at 08:09:38PM +0800, Schspa Shi wrote:
>> 
>> Attaching the full test program in case anyone wants to add some
>> comments.
>
> Good stuff.
>
> That looks like a kernel selftest. So you can just add it as an
> initial selftest for completion so lib/test_completion.c and extend
> lib/Kconfig.debug for a new kconfig symbol for it, and then just add
> a script on tools/testing/selftests/completion/ with a simple makefile
> which references a script which just calls modprobe. You can look at
> tools/testing/selftests/kmod/ for an example.

OK, but I want to know, is it enough to add only positive examples for
the test items here? Do we need a reverse example to prove that the
previous writing is wrong?

>
> But I still think you may want an SmPL Coccinelle grammar patch to hunt
> down other users with this pattern. The benefit is that then you can
> use the same Coccinelle patch to also then *fix* the issue in other
> places.
>

Yes, I'm learning about SmPL, and I'll add this syntax patch later to
find more problems.

> The current uaf on umh is not something I'm terribly concerned to be
> exploited in the wild. I don't think other use cases would be easier,
> but, all this work would close the gap completely.
>
> Thanks for doing this.
>
>   Luis


-- 
BRs
Schspa Shi
