lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1195232695.2533.120.camel@shinybook.infradead.org>
Date:	Fri, 16 Nov 2007 12:04:55 -0500
From:	David Woodhouse <dwmw2@...radead.org>
To:	Alan Stern <stern@...land.harvard.edu>
Cc:	Greg KH <greg@...ah.com>,
	USB development list <linux-usb-devel@...ts.sourceforge.net>,
	Kernel development list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Driver core: fix race in __device_release_driver


On Fri, 2007-11-16 at 11:57 -0500, Alan Stern wrote:
> This patch (as1013) was suggested by David Woodhouse; it fixes a race
> in the driver core.  If a device is unregistered at the same time as
> its driver is unloaded, the driver's code pages may be unmapped while
> the remove method is still running.  The calls to get_driver() and
> put_driver() were intended to prevent this, but they don't work if the
> driver's module count has already dropped to 0.
> 
> Instead, the patch keeps the device on the driver's list until after
> the remove method has returned.  This forces the necessary
> synchronization to occur.
> 
> Signed-off-by: Alan Stern <stern@...land.harvard.edu>
> CC: David Woodhouse <dwmw2@...radead.org>

Since we're submitting it rather than just using it to explain the
problem, I suppose I should add:
Signed-off-by: David Woodhouse <dwmw2@...radead.org>

> ---
> 
> This should be considered for 2.6.24.
> 
> 
> Index: usb-2.6/drivers/base/dd.c
> ===================================================================
> --- usb-2.6.orig/drivers/base/dd.c
> +++ usb-2.6/drivers/base/dd.c
> @@ -289,11 +289,10 @@ static void __device_release_driver(stru
>  {
>  	struct device_driver * drv;
>  
> -	drv = get_driver(dev->driver);
> +	drv = dev->driver;
>  	if (drv) {
>  		driver_sysfs_remove(dev);
>  		sysfs_remove_link(&dev->kobj, "driver");
> -		klist_remove(&dev->knode_driver);
>  
>  		if (dev->bus)
>  			blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
> @@ -306,7 +305,7 @@ static void __device_release_driver(stru
>  			drv->remove(dev);
>  		devres_release_all(dev);
>  		dev->driver = NULL;
> -		put_driver(drv);
> +		klist_remove(&dev->knode_driver);
>  	}
>  }
>  
> 
-- 
dwmw2

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ