[Bug 266101] ucred reference count may overflow

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266101] ucred reference count may overflow"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266101] ucred reference count may overflow"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266101] ucred reference count concerns"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 29 Aug 2022 16:21:29 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266101

            Bug ID: 266101
           Summary: ucred reference count may overflow
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: emaste@freebsd.org

The refcount(9) API mitigates reference count overflow (by changing it into a
leak) as of 0b21d8949934 ("Handle refcount(9) wraparound.")

As of 1724c563e62f ("cred: distribute reference count per thread") ucred
handling (crhold etc.) does not use refcount(9), and so is vulnerable to
reference count overflow. See for example
https://accessvector.net/2022/freebsd-aio-lpe

Need to either use refcount(9) or add explicit overflow handling.

-- 
You are receiving this mail because:
You are the assignee for the bug.