| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Apr 2007 16:18:50 -0400 From: "Dmitry Torokhov" <dmitry.torokhov@...il.com> To: "Greg KH" <greg@...ah.com> Cc: "Alan Stern" <stern@...land.harvard.edu>, "Cornelia Huck" <cornelia.huck@...ibm.com>, linux-kernel <linux-kernel@...r.kernel.org>, "Tejun Heo" <htejun@...il.com>, "Rusty Russell" <rusty@...tcorp.com.au> Subject: Re: [Patch -mm 0/3] RFC: module unloading vs. release function On 4/16/07, Greg KH <greg@...ah.com> wrote: > On Mon, Apr 16, 2007 at 03:47:13PM -0400, Dmitry Torokhov wrote: > > On 4/16/07, Alan Stern <stern@...land.harvard.edu> wrote: > > >On Mon, 16 Apr 2007, Dmitry Torokhov wrote: > > > > > >> On 4/16/07, Cornelia Huck <cornelia.huck@...ibm.com> wrote: > > >> > Hi, > > >> > > > >> > based on the discussion in "How should an exit routine wait for > > >> > release() callbacks?", I've cooked up some patches that make module > > >> > unload wait until the last reference for a kobject has been dropped. > > >> > This should plug the "release function in already deleted module" race; > > >> > however, if the last kobject_put() from the module containing the > > >> > release function is not in the module's exit function, there's still a > > >> > small window (not sure if and how to plug this). > > >> > > >> Unfortunately all this "wait for refcount in module's exit" schemas > > >> lead to the following deadlock: > > >> > > >> rmmod my_module < /path/to/some/file/incrementing/my/refcount > > > > > >(Note that this problem will be a lot harder to provoke once Tejun's > > >changes to sysfs are in place. But it will still be possible, unless we > > >make similar changes to all the other filesystems as well.) > > > > > >There are three possible approaches to this problem: > > > > > > 1. Ignore it, as we do now. If someone actually tries running your > > > example above, an oops will result when the kobject's release > > > method is called after my_module has been unloaded from memory. > > > > > > 2. Do what Cornelia suggested, and allow the example to deadlock. > > > > > > 3. Change the module code so that rmmod can return _before_ the > > > module is actually unloaded from memory (but after the module's > > > exit routine has completed). This will lead to more problems. > > > For example, what if someone tries to modprobe my_module back > > > again before it has finished unloading? > > > > > >My feeling is that either a deadlock or more complications with modprobe > > >would be preferable to an oops. Your opinion may differ. > > > > > > > What about 4: > > > > When registering an [k]object increment refcount of module that > > provides ->release() function. > > > > That would normally require ->release function to be placed on > > subsystem level to allow unloading individual devices. > > But that would also mean that a lot of modules that want to be able to > be released whenever they want to today, not be allowed to (network > drivers, etc.) > No, only the core module has to stay. For example, every time you register an input device you pin input.ko as it is the module that provides ->release() method for input devices. You can freely unload psmouse, or hid or your favorite joystick but input has to stay until last reference to the input device is dropped. serio and gameport work the same way. I think the requirement that one is not able to unload a core subsystem module untill all users are dropped off is ok - you can't unload it anyway until you unload all drivers that reference its exported functions and once you unload all the drivers data objects will drop off pretty quickly. -- Dmitry - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists