Re: [PATCH for-rc 4/4] IB/hfi1: Fix regressions in security fix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 29, 2021 at 11:36:09AM -0700, Ira Weiny wrote:
> On Mon, Mar 29, 2021 at 09:48:20AM -0400, dennis.dalessandro@xxxxxxxxxxxxxxxxxxxx wrote:
> > From: Mike Marciniszyn <mike.marciniszyn@xxxxxxxxxxxxxxxxxxxx>
> > 
> > The security code guards for non-current mm in all cases for
> > updating the rb tree.
> > 
> > That is ok for insert, but NOT ok for remove, since the insert
> > has already guarded the node from being inserted and the remove
> > can be called with a different mm because of a segfault other similar
> > "close" issues where current-mm is NULL.
> > 
> > Best case, is we leak pages. worst case we delete items for an lru_list
> > more than once:
> > [20945.911107] list_del corruption, ffffa0cd536bcac8->next is LIST_POISON1 (dead000000000100)
> > 
> > Fix by removing the guard from any functions that remove nodes
> > from the tree assuming the node was entered into the tree as valid since
> > the insert is guarded.
> 
> Does this open up a child process being able to remove nodes which the parent
> added?

Dennis?

Jason



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux