lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 11 Apr 2008 08:50:27 +0200
From:	Uwe Kleine-König <Uwe.Kleine-Koenig@...i.com>
To:	"Hans J. Koch" <hjk@...utronix.de>
Cc:	Greg Kroah-Hartman <gregkh@...e.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] UIO: hold a reference to the device's owner while the device is open

Hello,

Hans J. Koch wrote:
> On Thu, Apr 10, 2008 at 02:37:00PM +0200, Uwe Kleine-König wrote:
> > Otherwise the device might just disappear while /dev/uioX is being used
> > which results in an Oops.
> 
> And I'd like to hear Greg's opinion: Do you agree we can omit
> try_module_get() in uio_mmap()?
As Greg already pointed out, mmap only works for open files and so the
reference is already hold there.
 
> >  	if (idev->info->open) {
> > -		if (!try_module_get(idev->owner))
> > -			return -ENODEV;
> >  		ret = idev->info->open(idev->info, inode);
> > -		module_put(idev->owner);
> > -	}
> > +		if (ret) {
> > +			kfree(listener);
> > +err_alloc_listener:
> >  
> > -	if (ret)
> > -		kfree(listener);
> > +			module_put(idev->owner);
> > +err_module_get:
> >  
> > -	return ret;
> > +			return ret;
> > +		}
> > +	}
> > +
> > +	return 0;
> >  }
> 
> I really don't like these labels inside the if-block. I find it hard to
> read. What about this:
> 
> 
> if (idev->info->open) {
> 	ret = idev->info->open(idev->info, inode);
> 	if (ret)
> 		kfree(listener);
> 	return ret;
> }
> 
> err_alloc_listener:
> 	module_put(idev->owner);
> err_module_get:
> 	return ret;
With that you leak a reference to idev->owner if idev->info->open() fails.
Things like that don't happen that easy if all error handing is in one
place.
 
> The label err_module_get should probably be omitted because it's used only
> once and has just one line of code. You could simply write "return ret"
> instead of "goto err_module_get".
This makes code shuffling easier.  For example if someone decides that
try_module_get should be done after allocating listener then you only
have to exchange the two corresponding code blocks and the two groups
(label + cleanup) in the error handling block.
If the error handling is spread over the whole functions you can easily
miss something---as happend above. :-)

Best regards
Uwe

-- 
Uwe Kleine-König, Software Engineer
Digi International GmbH Branch Breisach, Küferstrasse 8, 79206 Breisach, Germany
Tax: 315/5781/0242 / VAT: DE153662976 / Reg. Amtsgericht Dortmund HRB 13962
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists