Re: [PATCH] kernel/kmod: fix use-after-free of the sub_info structure

From: Oleg Nesterov
Date: Thu Oct 16 2014 - 18:01:49 EST


On 10/17, Tetsuo Handa wrote:
>
> Ah, I see. Here is a draft of an updated patch.

Do you mean this part

> sub_info->retval = retval;
> + /* wait_for_helper() will call umh_complete() if UMH_WAIT_PROC. */
> + if (wait != UMH_WAIT_PROC)
> + umh_complete(sub_info);
> + if (!retval)
> + return 0;
> do_exit(0);
> }
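Review bot: the `if (!retval) return 0;` that follows umh_complete(sub_info) must keep testing the local retval, never sub_info->retval: on every non-UMH_WAIT_PROC path the waiter may free sub_info as soon as umh_complete() has run, so nothing after that call may dereference it (this is the use-after-free the subject names). A one-line comment next to the call, e.g. `/* sub_info may be freed from here on */`, would keep a later change from re-reading it. The new comment also only explains the UMH_WAIT_PROC exclusion; the UMH_NO_WAIT case takes this same `wait != UMH_WAIT_PROC` branch with sub_info->complete == NULL and deserves a line of its own.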

?

Personally I agree, this looks a bit better to me. But this is cosmetic
and subjective, I leave this to Martin ;)

I also agree that the changelog could mention exec_mmap. Plus a comment
about UMH_NO_WAIT && sub_info->complete == NULL. So yes, perhaps v2 makes
sense if Martin agrees.

> By the way, it seems to me that nothing prevents
>
> if (info->cleanup)
> (*info->cleanup)(info);
>
> from crashing when info->cleanup points to a function in a loadable kernel
> module and the loadable kernel module got unloaded before the worker thread
> calls call_usermodehelper_freeinfo().

Just don't do this? I mean, in this case the caller of call_usermodehelper()
is obviously buggy? Or I missed your point?

Oleg.
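As an added illustration of the ownership rule behind the quoted hunk and behind the UMH_NO_WAIT / complete == NULL comment asked for above, here is a constructed single-threaded userspace model. It is my own example, not Oleg's, Tetsuo's or the kernel's code: the function and field names mirror kernel/kmod.c so the shape of the hunk is recognisable, but the bodies, the counters and the two scenario functions are assumptions made for the demonstration. The assumed rule is the one the hunk relies on: the side that takes the non-NULL ->complete pointer hands sub_info to the waiter, the side that finds NULL owns it and must free it, and the worker keeps retval in a local because sub_info may be gone once umh_complete() returns.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Constructed userspace model of the sub_info ownership hand-off.
 * Not kernel code: names mirror kernel/kmod.c, bodies are simplified
 * and everything runs on one thread so the order of events is explicit.
 */

enum { UMH_NO_WAIT = 0, UMH_WAIT_EXEC = 1, UMH_WAIT_PROC = 2 };

struct completion { int done; };

struct subprocess_info {
	struct completion *complete;	/* NULL for UMH_NO_WAIT */
	int retval;
	void (*cleanup)(struct subprocess_info *);
};

static int frees, cleanups;		/* counters for the scenarios below */

/* Stands in for a cleanup callback living in the caller's module. */
static void sample_cleanup(struct subprocess_info *info)
{
	(void)info;
	cleanups++;
}

static void call_usermodehelper_freeinfo(struct subprocess_info *info)
{
	if (info->cleanup)
		info->cleanup(info);	/* callback must still be mapped here */
	free(info);
	frees++;
}

/* Take ->complete atomically; NULL means nobody waits, so we free. */
static void umh_complete(struct subprocess_info *info)
{
	struct completion *comp =
		__atomic_exchange_n(&info->complete, NULL, __ATOMIC_ACQ_REL);

	if (comp)
		comp->done = 1;		/* waiter wakes and owns info from now on */
	else
		call_usermodehelper_freeinfo(info);
}

/*
 * Worker side, in the shape of the quoted hunk: retval is kept in a local
 * because info may already be freed when umh_complete() returns.
 */
static int worker_finish(struct subprocess_info *info, int wait, int retval)
{
	info->retval = retval;
	if (wait != UMH_WAIT_PROC)
		umh_complete(info);	/* do not touch info after this line */
	return retval;			/* local copy, not info->retval */
}

static struct subprocess_info *new_info(struct completion *comp)
{
	struct subprocess_info *info = calloc(1, sizeof(*info));

	if (!info)
		abort();
	info->complete = comp;
	info->cleanup = sample_cleanup;
	frees = cleanups = 0;		/* fresh counters per scenario */
	return info;
}

/* UMH_WAIT_EXEC: the worker completes, the waiter reads retval and frees. */
int scenario_wait_exec(int retval)
{
	struct completion done = { 0 };
	struct subprocess_info *info = new_info(&done);
	int r;

	worker_finish(info, UMH_WAIT_EXEC, retval);
	if (!done.done)
		return -1000;		/* model bug: completion not signalled */
	r = info->retval;		/* safe: the waiter owns info now */
	call_usermodehelper_freeinfo(info);
	return r;
}

/* UMH_NO_WAIT: ->complete is NULL, so the worker frees inside umh_complete(). */
int scenario_no_wait(int retval)
{
	struct subprocess_info *info = new_info(NULL);

	return worker_finish(info, UMH_NO_WAIT, retval);	/* info is gone */
}

int frees_count(void)    { return frees; }
int cleanups_count(void) { return cleanups; }

int main(void)
{
	printf("wait_exec: retval %d, frees %d\n", scenario_wait_exec(3), frees_count());
	printf("no_wait:   retval %d, frees %d\n", scenario_no_wait(-2), frees_count());
	return 0;
}
```

In both scenarios exactly one free and one cleanup happen, and the worker never reads sub_info after umh_complete(); the local retval is what decides between `return 0` and `do_exit(0)`. The cleanup counter is also where Tetsuo's remark bites: if sample_cleanup() lived in a module that had been unloaded before freeinfo ran, the indirect call would be into unmapped text, which no ordering inside kmod.c can repair.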

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/