| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Nov 2007 10:15:50 -0500 From: "Dmitry Torokhov" <dmitry.torokhov@...il.com> To: "Tomas Carnecky" <tom@...ervice.com> Cc: linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: statically allocated input_dev On Nov 15, 2007 9:58 AM, Tomas Carnecky <tom@...ervice.com> wrote: > CC: lkml, because that's a question anyone familiar with the driver > subsystem can answer. > > Dmitry Torokhov wrote: > > On Nov 15, 2007 9:20 AM, Tomas Carnecky <tom@...ervice.com> wrote: > >> Dmitry Torokhov wrote: > >>> No, sorry. Current object lifetime rules require input devices (as > >>> well as platform devices) to be dynamically allocated. > >>> > >> Interesting, especially the 'platform device' bit, because, from > >> ./drivers/block/floppy.c: > >> > >> floppy_device[drive].name = floppy_device_name; > >> floppy_device[drive].id = drive; > >> floppy_device[drive].dev.release = floppy_device_release; > >> > >> err = platform_device_register(&floppy_device[drive]); > >> > >> where 'floppy_device' is a static array defined as follows: > >> > >> static struct platform_device floppy_device[N_DRIVE]; > >> > >> So is that code incorrect? > >> > > > > I would not look at floopy code when searching for examples ;) > > > > Statically allocating platform devices works, I can register those just > fine and I don't see any oops when loading/removing the module. The oops will not happen when you remove the module but later. Consider you have a process connected to /dev/input/eventX corresponding to your input device. Opening evdev node pins in memory (kref is taken) underlying input_dev which in turn pins parent platform device. This does not increase your module's reference count so it still can be unloaded. When you unload the module memory occupied by tyou module is freed and may be reused for something else. Now the process that had event device opened decides to close it. This causes krefs dropped from parent input device and platform device structures. Cleanup routines will run trying to scrub everything clean, writing either into freed memory, or, even worse, into memory now occupied by somethign else. BOOM! > Even > though there are no signs of breakage, should I change my code anyway? > Yes. > I'm trying to keep the code as simple as possible. The platform device, > platform driver and the input device will live only as long as the > module is loaded. There is nothing else that would rely or depend on my > driver. Any advices you can give? Or is there nothing that I could use > to keep the code simple? > Make the structures dynamically alloocated and feel safe from any changes in refcounting between underlying objects. -- Dmitry - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists