[PATCH 0/2] finx argv_split() vs sysctl race
From: Oleg Nesterov
Date: Sat Mar 16 2013 - 16:26:06 EST
On 03/15, Oleg Nesterov wrote:
> To remind, say, argv_split(poweroff_cmd) can race with sysctl changing this
> string, in this case it can write to the memory after argv array. We can
> fix this, or we can rewrite argv_split/free:
OK, please see 1/2.
And this reminds me about set_task_comm() which pretends it does something
meaningful for the reader of the mutable ->comm, see the offtopic 2/2.
> But, whatever we do with argv_split(), it can hit the string "in between".
> Personally I think we do not really care, but...
> Perhaps we should add proc_dostring_lock() which takes some lock and
> modify the callers of argv_split() (or add argv_split_lock) ?
> Or perhaps we should introduce the rwsem which should protect every
> sysctl-string and proc_dostring() should take this lock?
Please tell me if you think we should do something with that.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/