Re: [PATCH] kernel/kmod: fix use-after-free of the sub_info structure

From: Oleg Nesterov
Date: Fri Oct 17 2014 - 11:25:29 EST


On 10/17, Martin Schwidefsky wrote:
>
> On Thu, 16 Oct 2014 23:58:34 +0200
> Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > I also agree that the changelog could mention exec_mmap. Plus a comment
> > about UMH_NO_WAIT && sub_info->complete == NULL. So yes, perhaps v2 makes
> > sense if Martin agrees.
>
> Version 2 of the patch.

Thanks!

> All change requests have gone in except for the
> mention of exec_mmap. I don't quite get the relevance of it, do_execve
> can fail for the various reasons.

Yes. But if it fails before exec_mmap() (which in particular calls
mm_release()->complete_vfork_done()) we are safe; sub_info can't go away
because the parent sleeps in sys_wait4() if UMH_WAIT_PROC, or it sleeps
in wait_for_vfork_done() otherwise.

But this is minor, and this only relates to the changelog. So still/again

Reviewed-by: Oleg Nesterov <oleg@xxxxxxxxxx>
