lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 16 Dec 2008 20:13:34 -0500
From:	Neil Horman <nhorman@...driver.com>
To:	Jesse Barnes <jbarnes@...tuousgeek.org>
Cc:	greg@...ah.com, linux-pci@...r.kernel.org,
	linux-kernel@...r.kernel.org, akpm@...ux-foundation.org
Subject: Re: [PATCH] ibmphp: Fix module ref count underflow

On Tue, Dec 16, 2008 at 12:52:50PM -0800, Jesse Barnes wrote:
> On Tuesday, December 16, 2008 11:56 am Neil Horman wrote:
> > On Tue, Dec 16, 2008 at 10:42:08AM -0800, Jesse Barnes wrote:
> > > On Wednesday, December 10, 2008 11:43 am Neil Horman wrote:
> > > > Hey-
> > > > 	I happened to notice that the ibmphp hotplug driver does something
> > > > rather silly in its init routine.  It purposely calls module_put so as
> > > > to underflow its module ref count to avoid being removed from the
> > > > kernel. This is bad practice, and wrong, since it provides a window for
> > > > subsequent module_gets to reset the refcount to zero, allowing an
> > > > unload to race in and cause all sorts of mysterious panics.  If the
> > > > module is unsafe to load, it should inform the kernel as such with a
> > > > call to __unsafe.  The patch below does that.
> > >
> > > Thanks Neil, applied this to my for-linus branch since it sounds
> > > potentially serious (but also low risk since who uses ibmphp anymore? :)
> >
> > Dang it!  Sorry, Jesse.  Yes, youre absolutely right, it is low risk.  It
> > really just a bit of sillyness all around.
> >
> > Unfortunately, I took part in the sillyness.  The problem was reported to
> > me on RHEL, and I tested there, without checking upstream too closely.  As 
> > aresult, the patch I gave you is a bit out of date, and won't compile. 
> > I've tested the new patch here much more closely.  apologies.  I informed
> > akpm who was looking at it, but neglected to copy you.
> >
> > This patch corrects the same problem in that it prevents module unloads in
> > a sane fashion, by not registering an exit routine
> >
> > Signed-off-by: Neil Horman <nhorman@...driver.com>
> 
> Ah was just doing my testing & building now so I would have caught it in a 
> minute. :)  I'll replace the patch I have with this one, thanks.
> 
> Jesse
> 
Thank you, that matches what Andrew has in his tree.  Apologies for the noise
Neil

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ