| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4641D6A2.8070406@gmail.com> Date: Wed, 09 May 2007 16:11:46 +0200 From: Tejun Heo <htejun@...il.com> To: Chris Rankin <rankincj@...oo.com> CC: Alan Stern <stern@...land.harvard.edu>, linux-usb-devel@...ts.sourceforge.net, linux-kernel <linux-kernel@...r.kernel.org>, Greg K-H <greg@...ah.com>, maneesh@...ibm.com, Dmitry Torokhov <dmitry.torokhov@...il.com>, "cornelia.huck@...ibm.com >> Cornelia Huck" <cornelia.huck@...ibm.com> Subject: Re: [linux-usb-devel] Bug creating USB endpoints in 2.6.20.x (kernel bug 8198) Chris Rankin wrote: > --- Tejun Heo <htejun@...il.com> wrote: >> Okay, here's a half-assed fix. With this patch applied, if you try to >> unload a module while you're opening it's dev attribute, kernel will >> oops later when the file is accessed or closed later but it should fix >> the bug winecfg triggers. I really dunno how to fix this the right way >> in the stable kernel. Better ideas? Anyone? > > How about a WARN() and a small(?) memory leak? Better than an oops, surely? Device node creation/deletion can be quite often depending on configuration, so I don't think we can afford memory leak here. It can develop into a big problem for long running hosts. IMHO, just introducing module unload/deletion race is much better. It's the lesser evil, difficult to trigger and already broken in other places anyway. I think we need to hear what other people are thinking about it. Cc'ing Maneesh, Dmitry and Cornelia. The whole thread can be read at... http://thread.gmane.org/gmane.linux.usb.devel/53559 http://thread.gmane.org/gmane.linux.usb.devel/53846 The thread is rather long but just reading the message from the second URL should be enough. The problem is that dev->devt_attr (class dev has the same problem) is deallocated when the device is deleted. If the dev sysfs attribute has users at that point, the dev sysfs node is left with garbled struct attribute causing oops later. IMHO, the proper fix for this is immediate-disconnect which is no in -mm as the problem is caused by expecting immediate-disconnect behavior when it isn't implemented. As written above, I think it's better to risk module unload / sysfs race than keeping the current sysfs deletion / open race. What do you guys think? Thanks. -- tejun - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists