Re: crypto: use-after-free in hash_sock_destruct_common

From: Dmitry Vyukov
Date: Wed Jan 13 2016 - 05:27:49 EST

Next message: Sebastian Andrzej Siewior: "Re: [linux-rt-devel:for-kbuild-bot/prepare-release 32/256] warning: (DEBUG_ATOMIC_SLEEP) selects PREEMPT_COUNT which has unmet direct dependencies (COLDFIRE)"
Previous message: Vitaly Kuznetsov: "Re: [PATCH v2 2/2] memory-hotplug: keep the request_resource() error code"
In reply to: Herbert Xu: "[PATCH 4/4] crypto: af_alg - Forbid bind(2) when nokey child sockets are present"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 13, 2016 at 11:25 AM, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
> On Wed, Jan 13, 2016 at 7:57 AM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> wrote:
>>
>> On Tue, Jan 12, 2016 at 07:31:03PM +0100, Dmitry Vyukov wrote:
>> >
>> > The following program triggers use-after-free in
>> > hash_sock_destruct_common. This is on master of
>> > git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git
>> > (cd7e98414462b9db70067ac29896c58210b13b69). I've also seen a similar
>> > crash in skcipher_sock_destruct_common.
>>
>> OK the new compatibility nokey path introduced some new problems.
>> Please try the following patches.
>
>
> Yes, these 4 patches fix the crash for me. Thanks for quick fix!
>
> Tested-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>

Oops, resending as plain text.

Next message: Sebastian Andrzej Siewior: "Re: [linux-rt-devel:for-kbuild-bot/prepare-release 32/256] warning: (DEBUG_ATOMIC_SLEEP) selects PREEMPT_COUNT which has unmet direct dependencies (COLDFIRE)"
Previous message: Vitaly Kuznetsov: "Re: [PATCH v2 2/2] memory-hotplug: keep the request_resource() error code"
In reply to: Herbert Xu: "[PATCH 4/4] crypto: af_alg - Forbid bind(2) when nokey child sockets are present"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]