Date: Thu, 04 Aug 2022 14:09:36 +0530
From: Siddh Raman Pant
To: "Eric Biggers"
Cc: "David Howells", "Christophe JAILLET", "Eric Dumazet", "Fabio M. De Francesco", "linux-security-modules", "linux-kernel", "linux-kernel-mentees", "syzbot+c70d87ac1d001f29a058"
Message-ID: <182680296de.8276ed8742454.8804921618540697946@siddh.me>
References: <20220728155121.12145-1-code@siddh.me> <18261d8a63a.33799d2a402802.7512018232560408914@siddh.me> <182621f8dca.1e0e6161130907.1470656861897824669@siddh.me> <18262dcb20e.4bf31faa421018.1228982721921458740@siddh.me>
Subject: Re: [PATCH v3] kernel/watch_queue: Make pipe NULL while clearing watch_queue
List-ID: linux-kernel@vger.kernel.org

On Wed, 03 Aug 2022 23:45:31 +0530 Eric Biggers wrote:
> Well, you should try listening instead. Because you are not listening.

Sorry for that, never meant to come across like that.

> Even if wqueue->pipe was set to NULL during free_pipe_info(), there would still
> have been a use-after-free, as the real bug was the lack of synchronization
> between post_one_notification() and free_pipe_info(). That is fixed now.

Okay, noted.

> To re-iterate, I encourage you to send a cleanup patch if you see an
> opportunity. It looks like the state wqueue->defunct==true could be replaced
> with wqueue->pipe==NULL, which would be simpler, so how about doing that? Just
> don't claim that it is "fixing" something, unless it is, as that makes things
> very confusing and difficult for everyone.

Okay, I will do that. That actually seems like a plausible thing to do; in the v2 conversation, David Howells had also remarked similarly about `defunct` in a reply.
https://lore.kernel.org/linux-kernel/3565221.1658933355@warthog.procyon.org.uk/

> A reproducer can just be written as a normal program, in C or another language.
> The syzkaller reproducers are really hard to read as they are auto-generated, so
> don't read too much into them -- they're certainly not examples of good code.
>
> - Eric

Okay, noted. Thanks for your patience, I probably annoyed you.

Thanks,
Siddh
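The two points Eric makes above (that clearing wqueue->pipe does nothing for the use-after-free unless the poster and the teardown path are synchronised, and that a NULL pipe pointer can stand in for a separate `defunct` flag) can be shown in a small constructed userspace model. This is an added example written for this page; it is not the kernel's watch_queue code and not code from anyone in the thread. The struct names, the `*_model` functions, the payload strings and the use of a pthread mutex in place of the kernel's own locking are all assumptions made for the example.

```c
/*
 * Constructed userspace model of the post-vs-teardown race discussed in the
 * thread. Not kernel code: every name here is an assumption for the example.
 */
#include <pthread.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>

struct pipe_model {
	unsigned long posted;          /* notifications accepted so far */
	char last[64];                 /* payload of the most recent one */
};

struct wqueue_model {
	pthread_mutex_t lock;
	struct pipe_model *pipe;       /* NULL once torn down; no separate 'defunct' flag */
};

static int wqueue_init(struct wqueue_model *wq)
{
	wq->pipe = calloc(1, sizeof(*wq->pipe));
	if (!wq->pipe)
		return -1;
	pthread_mutex_init(&wq->lock, NULL);
	return 0;
}

/* Returns 1 if delivered, 0 if the queue is already defunct (pipe == NULL).
 * The NULL check and the dereference happen under the same lock, so the
 * pipe cannot be freed between them. */
static int post_one_notification_model(struct wqueue_model *wq, const char *msg)
{
	int delivered = 0;

	pthread_mutex_lock(&wq->lock);
	if (wq->pipe) {
		wq->pipe->posted++;
		snprintf(wq->pipe->last, sizeof(wq->pipe->last), "%s", msg);
		delivered = 1;
	}
	pthread_mutex_unlock(&wq->lock);
	return delivered;
}

/* Models free_pipe_info(): detach the pipe under the lock posters take, so no
 * poster can still hold a pointer to it, then free it outside the lock.
 * Returns how many notifications landed before teardown. */
static unsigned long free_pipe_info_model(struct wqueue_model *wq)
{
	struct pipe_model *p;
	unsigned long posted;

	pthread_mutex_lock(&wq->lock);
	p = wq->pipe;
	wq->pipe = NULL;
	pthread_mutex_unlock(&wq->lock);

	posted = p ? p->posted : 0;
	free(p);
	return posted;
}

/* Deterministic check: two posts land, teardown, a third is dropped. Returns 2. */
static int sequential_scenario(void)
{
	struct wqueue_model wq;
	int delivered = 0;

	if (wqueue_init(&wq))
		return -1;
	delivered += post_one_notification_model(&wq, "first");
	delivered += post_one_notification_model(&wq, "second");
	free_pipe_info_model(&wq);
	delivered += post_one_notification_model(&wq, "dropped");
	pthread_mutex_destroy(&wq.lock);
	return delivered;
}

struct poster_arg { struct wqueue_model *wq; unsigned long n; unsigned long delivered; };

static void *poster(void *arg)
{
	struct poster_arg *pa = arg;
	for (unsigned long i = 0; i < pa->n; i++)
		pa->delivered += post_one_notification_model(pa->wq, "tick");
	return NULL;
}

/* Concurrent check: a poster thread races teardown. Because both sides
 * serialise on wq->lock, what the poster saw delivered must equal the count
 * the pipe held when it was detached. Returns 1 when consistent. Without the
 * lock the poster could dereference the freed pipe, which is the bug. */
static int threaded_scenario(unsigned long n)
{
	struct wqueue_model wq;
	struct poster_arg pa = { &wq, n, 0 };
	pthread_t tid;
	unsigned long posted;

	if (wqueue_init(&wq) || pthread_create(&tid, NULL, poster, &pa))
		return 0;
	sched_yield();
	posted = free_pipe_info_model(&wq);
	pthread_join(tid, NULL);
	pthread_mutex_destroy(&wq.lock);
	return pa.delivered == posted;
}

int main(void)
{
	printf("sequential: %d delivered\n", sequential_scenario());
	printf("threaded: %s\n", threaded_scenario(100000) ? "consistent" : "INCONSISTENT");
	return 0;
}
```

The point of the threaded scenario is that the consistency check holds for every interleaving only because the NULL store and every reader's NULL check sit under the same lock; dropping the lock and keeping the NULL store (or a `defunct` flag) reintroduces exactly the check-then-use window Eric describes.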