lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 10 May 2007 18:18:36 +0200
From:	Tejun Heo <htejun@...il.com>
To:	Alan Stern <stern@...land.harvard.edu>
CC:	Greg KH <greg@...ah.com>, Chris Rankin <rankincj@...oo.com>,
	linux-usb-devel@...ts.sourceforge.net,
	linux-kernel <linux-kernel@...r.kernel.org>, stable@...nel.org
Subject: Re: [PATCH] driver-core: don't free devt_attr till the device is
 released

Alan Stern wrote:
> On Thu, 10 May 2007, Tejun Heo wrote:
> 
>> Currently, devt_attr for the "dev" file is freed immediately on device
>> removal, but if the "dev" sysfs file is open when a device is removed,
>> sysfs will access its attribute structure for further access including
>> close resulting in jumping to garbled address.  Fix it by postponing
>> freeing devt_attr to device release time.
>>
>> Note that devt_attr for class_device is already freed on release.
>>
>> This bug is reported by Chris Rankin as bugzilla bug#8198.
>>
>> Signed-off-by: Tejun Heo <htejun@...il.com>
>> Cc: Chris Rankin <rankincj@...oo.com>
>> ---
>> Applies well to 2.6.20 and 21.  As sysfs-immediate-disconnect doesn't
>> seem to be included in 2.6.22, this should be included in linus#master
>> too (applies well there as well).
> 
> Although sysfs-immediate-disconnect may not be included in 2.6.22, the old 
> attribute-orphan code by Oliver Neukum is present there and also in 
> 2.6.21.  Shouldn't that suffice?

sysfs_release() still needs to deference attr->owner to put it, so I
think there's the same problem even with attribute-orphan.  We end up
calling module_put() on garbage.

-- 
tejun
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ