lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <d120d5000711150715h67209747w8bce5749d072f545@mail.gmail.com>
Date:	Thu, 15 Nov 2007 10:15:50 -0500
From:	"Dmitry Torokhov" <dmitry.torokhov@...il.com>
To:	"Tomas Carnecky" <tom@...ervice.com>
Cc:	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: statically allocated input_dev

On Nov 15, 2007 9:58 AM, Tomas Carnecky <tom@...ervice.com> wrote:
> CC: lkml, because that's a question anyone familiar with the driver
> subsystem can answer.
>
> Dmitry Torokhov wrote:
> > On Nov 15, 2007 9:20 AM, Tomas Carnecky <tom@...ervice.com> wrote:
> >> Dmitry Torokhov wrote:
> >>> No, sorry. Current object lifetime rules require input devices (as
> >>> well as platform devices) to be dynamically allocated.
> >>>
> >> Interesting, especially the 'platform device' bit, because, from
> >> ./drivers/block/floppy.c:
> >>
> >>    floppy_device[drive].name = floppy_device_name;
> >>    floppy_device[drive].id = drive;
> >>    floppy_device[drive].dev.release = floppy_device_release;
> >>
> >>    err = platform_device_register(&floppy_device[drive]);
> >>
> >> where 'floppy_device' is a static array defined as follows:
> >>
> >>    static struct platform_device floppy_device[N_DRIVE];
> >>
> >> So is that code incorrect?
> >>
> >
> > I would not look at floopy code when searching for examples ;)
> >
>
> Statically allocating platform devices works, I can register those just
> fine and I don't see any oops when loading/removing the module.

The oops will not happen when you remove the module but later.
Consider you have a process connected to /dev/input/eventX
corresponding to your input device. Opening evdev node pins in memory
(kref is taken) underlying input_dev which in turn pins parent
platform device. This does not increase your module's reference count
so it still can be unloaded. When you unload the module memory
occupied by tyou module is freed and may be reused for something else.

Now the process that had event device opened decides to close it. This
causes krefs dropped from parent input device and platform device
structures. Cleanup routines will run trying to scrub everything
clean, writing either into freed memory, or, even worse, into memory
now occupied by somethign else. BOOM!

> Even
> though there are no signs of breakage, should I change my code anyway?
>

Yes.

> I'm trying to keep the code as simple as possible. The platform device,
> platform driver and the input device will live only as long as the
> module is loaded. There is nothing else that would rely or depend on my
> driver. Any advices you can give? Or is there nothing that I could use
> to keep the code simple?
>

Make the structures dynamically alloocated and feel safe from any
changes in refcounting between underlying objects.

-- 
Dmitry
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ