Re: [PATCH] pty: fix use after free of tty->driver_data

2015-12-29 Thread Herton R. Krzesinski
On Tue, Dec 15, 2015 at 04:05:09PM -0200, Herton R. Krzesinski wrote: > On Tue, Dec 15, 2015 at 09:36:26AM -0800, Peter Hurley wrote: > > > since in this > > > case any of the tty->driver_data can be stale, due to all references/ > > > files being closed before (files related to ptmx/pts inodes

Re: [PATCH] pty: fix use after free of tty->driver_data

2015-12-15 Thread Peter Hurley
On 12/15/2015 12:34 PM, Herton R. Krzesinski wrote: > On Tue, Dec 15, 2015 at 11:52:14AM -0800, Peter Hurley wrote: >> On 12/15/2015 11:23 AM, Herton R. Krzesinski wrote: >>> On Tue, Dec 15, 2015 at 04:05:09PM -0200, Herton R. Krzesinski wrote: On Tue, Dec 15, 2015 at 09:36:26AM -0800, Peter

Re: [PATCH] pty: fix use after free of tty->driver_data

2015-12-15 Thread Herton R. Krzesinski
On Tue, Dec 15, 2015 at 11:52:14AM -0800, Peter Hurley wrote: > On 12/15/2015 11:23 AM, Herton R. Krzesinski wrote: > > On Tue, Dec 15, 2015 at 04:05:09PM -0200, Herton R. Krzesinski wrote: > >> On Tue, Dec 15, 2015 at 09:36:26AM -0800, Peter Hurley wrote: > >>> > >>> > Signed-off-by: Herton

Re: [PATCH] pty: fix use after free of tty->driver_data

2015-12-15 Thread Peter Hurley
On 12/15/2015 11:23 AM, Herton R. Krzesinski wrote: > On Tue, Dec 15, 2015 at 04:05:09PM -0200, Herton R. Krzesinski wrote: >> On Tue, Dec 15, 2015 at 09:36:26AM -0800, Peter Hurley wrote: >>> >>> Signed-off-by: Herton R. Krzesinski Cc: >>> >>> Afaict, the stable tag goes back to the

Re: [PATCH] pty: fix use after free of tty->driver_data

2015-12-15 Thread Herton R. Krzesinski
On Tue, Dec 15, 2015 at 04:05:09PM -0200, Herton R. Krzesinski wrote: > On Tue, Dec 15, 2015 at 09:36:26AM -0800, Peter Hurley wrote: > > > > > > > Signed-off-by: Herton R. Krzesinski > > > Cc: > > > > Afaict, the stable tag goes back to the original implementation. > > Did you research how

Re: [PATCH] pty: fix use after free of tty->driver_data

2015-12-15 Thread Peter Hurley
Hi Herton, On 12/14/2015 07:29 PM, Herton R. Krzesinski wrote: > pty_unix98_shutdown allows a potential use after free of inode from > slave tty->driver_data: if final pty close is called with slave > tty_struct, and inode was released already by devpts_pty_kill at > pty_close,

Re: [PATCH] pty: fix use after free of tty->driver_data

2015-12-15 Thread Herton R. Krzesinski
On Tue, Dec 15, 2015 at 09:36:26AM -0800, Peter Hurley wrote: > Hi Herton, > > On 12/14/2015 07:29 PM, Herton R. Krzesinski wrote: > > pty_unix98_shutdown allows a potential use after free of inode from > > slave tty->driver_data: if final pty close is called with slave > > tty_struct, and inode

[PATCH] pty: fix use after free of tty->driver_data

2015-12-14 Thread Herton R. Krzesinski
pty_unix98_shutdown allows a potential use after free of inode from slave tty->driver_data: if final pty close is called with slave tty_struct, and inode was released already by devpts_pty_kill at pty_close, pty_unix98_shutdown will access stale data. If the evicted inode is quickly reused again
