lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 8 Sep 2014 15:53:08 -0700
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	Alan Stern <stern@...land.harvard.edu>
Cc:	Sergey Klyaus <Sergey.Klyaus@...e-IT.Ru>,
	Oliver Neukum <oneukum@...e.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] driver core: fix race with userland in device_add()

On Wed, Aug 06, 2014 at 04:18:38PM -0400, Alan Stern wrote:
> On Wed, 6 Aug 2014, Sergey Klyaus wrote:
> 
> > Hello.
> > 
> > I wrote a patch that fixes the problem that described above, here are a 
> > patch for 3.16.0+ kernel (cloned from GitHub today). Maybe that "if 
> > (MAJOR(dev->devt)) " part has to go even after BUS_NOTIFY_ADD_DEVICE abd 
> > KOBJ_ADD? I put it before it, because there is no rollback code in 
> > device_add() for that part.
> 
> I think this is fine.  However, I suspect the order of the other calls
> there isn't totally right.  For instance, the
> 
> 	if (parent)
> 		klist_add_tail(&dev->p->knode_parent,
> 			       &parent->p->klist_children);
> 
> part should probably be the first thing after we know the routine can't 
> abort.
> 
> I guess the time when bus_probe_device() gets called doesn't matter 
> much, because the driver might not even be loaded at this point.  But 
> what about all the dev->class stuff at the end of device_add()?  Should 
> that happen before any uevents are sent out?
> 
> Greg, have you looked at this?

I haven't, given that it's not in a format that I could apply it in,
even if I wanted to :(

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ