lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 4 Dec 2009 21:37:46 -0500 (EST)
From:	Alan Stern <stern@...land.harvard.edu>
To:	Greg KH <gregkh@...e.de>
cc:	Dmitry Torokhov <dmitry.torokhov@...il.com>,
	Oliver Neukum <oliver@...kum.org>, <stable@...nel.org>,
	Rickard Bellini <rickard.bellini@...csson.com>,
	"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
	Torgny Johansson <torgny.johansson@...csson.com>,
	Kernel development list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Driver core: fix race in dev_driver_string

On Fri, 4 Dec 2009, Greg KH wrote:

> On Fri, Dec 04, 2009 at 06:50:35PM -0500, Alan Stern wrote:
> > On Fri, 4 Dec 2009, Dmitry Torokhov wrote:
> > 
> > > > Maybe reference counting is inelegant; it depends on your point of
> > > > view.  Can you think of a more elegant way to make sure that a pointer
> > > > isn't stale?
> > > 
> > > Yes, just say "no" to device_create() and friends.
> > 
> > device_create() wasn't used in the case Oliver is discussing.
> 
> It was implied, as you had a pointer to the device, not the device
> itself.

Not necessarily.  For example, the serial drivers have pointers to 
struct tty, not the tty structures themselves.  That doesn't imply the 
tty structures were constructed using device_create().

> > >  Embed device structure in
> > > yours,
> > 
> > You can't do that when the device structure wasn't created by your 
> > driver.
> 
> But for USB devices, it is part of the device you are handed.  Same goes
> for PCI devices, and most other types of drivers, right?

Yes.  Dmitry's word "yours" is ambiguous here.  It's true that struct
pci_device contains an embedded struct device.  But for example, struct
ehci_hcd doesn't -- even when the EHCI controller is a PCI device.  So
if you are the ehci-hcd driver, which structure is "yours": the struct
pci_device or the struct ehci_hcd?

> > >  be mindful of lifetime rules and only use "your" device (i.e device
> > > bound to your driver).
> > 
> > What do you mean by "use"?  In Oliver's case he wasn't using the
> > device, he was using the device structure.  (Maybe that's what you
> > meant.)
> 
> I think that is what is meant here.
> 
> > And he wanted to use it at a time when it wasn't bound to his
> > driver, because userspace still had an open file reference to it.  
> > There isn't really any way around this.
> 
> But you still have a valid device, just not maybe a driver bound to it.

If a driver isn't bound to it then you don't know whether the device
structure is valid or not.  It could have been deallocated.  Unless
you have taken a reference to it -- then you know.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ