Oops (request_key_auth_describe) while running cve-2016-7042 from LTP

Hillf Danton hdanton at sina.com
Sat Aug 31 00:54:37 AEST 2019


David Howells <dhowells at redhat.com> wrote:
>
> Hillf Danton <hdanton at sina.com> wrote:
>
> > -	struct request_key_auth *rka = dereference_key_rcu(key);
> > +	struct request_key_auth *rka;
> > +
> > +	rcu_read_lock();
> > +	rka = dereference_key_rcu(key);
>
> This shouldn't help as the caller, proc_keys_show(), is holding the RCU read
> lock across the call.  The end of the function reads:
> and the documentation says "This method will be called with the RCU read lock
> held".
>
1, callee has no pre defined duty to help caller in general; they should
not try to do anything, however, to help their callers in principle due to
limited info on their hands IMO.
2, uses of rcu can be nested.
3, no comment can be found in security/keys/request_key_auth.c about
the rcu already documented.
4, the newly added rcu can avoid incidental messup anywhere else.

Hillf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20190830/86476be6/attachment.htm>


More information about the Linuxppc-dev mailing list