lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 08 Jan 2009 07:27:36 +0100
From:	Németh Márton <nm127@...email.hu>
To:	LKML <linux-kernel@...r.kernel.org>
Subject: Re: pair of alloc_disk()? + OOPS

Németh Márton wrote:
> Németh Márton wrote:
>> Hi,
>>
>> I cannot find free_disk() or similar function which takes "struct gendisk"
>> as a parameter and can do the reverse thing what alloc_disk() do.
>>
>> Could you please give me a hint what would be the correct function call
>> in the following example in test_exit_module() so the module do not leak?
>>
>>
>> #include <linux/module.h>
>> #include <linux/genhd.h>
>>
>> MODULE_AUTHOR("Márton Németh <nm127@...email.hu>");
>> MODULE_DESCRIPTION("Test alloc_disk");
>> MODULE_LICENSE("GPL");
>>
>> static struct gendisk *gd_ptr;
>>
>> static int test_init_module(void)
>> {
>>         printk(KERN_DEBUG "starting module\n");
>>
>>         gd_ptr = alloc_disk(1);
>>         if (!gd_ptr) {
>>                 return -ENOMEM;
>>         }
>>
>>         printk(KERN_DEBUG "gd_ptr after alloc=%p\n", gd_ptr);
>>
>>         return 0;
>> }
>>
>>
>> static void test_exit_module(void)
>> {
>>         printk(KERN_DEBUG "unloading module\n");
>>
>>         /* FIXME: no free_disk(gd_ptr) is available */
>> }
>>
>> module_init(test_init_module);
>> module_exit(test_exit_module);
> 
> I found a solution in "Linux Device Drivers, Third Edition", in chapter 16
> "Block drivers" (page 468) where del_gendisk() is mentioned, so the
> test_exit_module() should look like:
> 
> static void test_exit_module(void)
> {
>         printk(KERN_DEBUG "unloading module\n");
> 
>         del_gendisk(gd_ptr);
> 
> }
> 
> However, when I unload this module (also attached), I get the following
> oops message in dmesg with kernel 2.6.28:
> 
> [ 2164.859107] starting module
> [ 2164.859132] gd_ptr after alloc=f60f2a30
> [ 2246.611974] unloading module
> [ 2246.612648] BUG: unable to handle kernel NULL pointer dereference at 00000164
> [ 2246.612666] IP: [<c0172266>] bdi_unregister+0x6/0x30
> [ 2246.612684] *pde = 00000000
> [ 2246.612694] Oops: 0000 [#1] PREEMPT
> [ 2246.612703] last sysfs file: /sys/class/power_supply/BAT0/charge_full
> [ 2246.612711] Modules linked in: test_alloc_disk(-) nls_iso8859_2 nls_cp437 vfat fat nls_base sd_mod usb_storage scsi_mod ppdev lp cpufreq_ondemand
> cpufreq_conservative ipv6 xt_tcpudp iptable_filter ip_tables x_tables leds_clevo_mail led_class via via_agp drm agpgart eeprom snd_pcm_oss snd_mixer_oss
> cpufreq_userspace cpufreq_powersave powernow_k8 fan snd_via82xx snd_via82xx_modem snd_mpu401_uart snd_seq_midi snd_seq_midi_event pcmcia firmware_class
> snd_ac97_codec ac97_bus mousedev snd_rawmidi snd_pcm snd_seq snd_timer snd_seq_device ide_cd_mod snd i2c_viapro yenta_socket rsrc_nonstatic 8139too psmouse
> serio_raw k8temp hwmon pcspkr cdrom snd_page_alloc soundcore 8250_pnp i2c_core ehci_hcd uhci_hcd pcmcia_core usbcore mii bitrev crc32 video backlight output
> 8250 serial_core parport_pc parport battery ac thermal button processor evdev
> [ 2246.612866]
> [ 2246.612874] Pid: 5121, comm: rmmod Not tainted (2.6.28 #3) K8N800
> [ 2246.612881] EIP: 0060:[<c0172266>] EFLAGS: 00210206 CPU: 0
> [ 2246.612889] EIP is at bdi_unregister+0x6/0x30
> [ 2246.612895] EAX: 000000fc EBX: 000000fc ECX: f60f2b48 EDX: c03cb301
> [ 2246.612901] ESI: f60f2a30 EDI: f60f2c78 EBP: d348df10 ESP: d348df0c
> [ 2246.612908]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> [ 2246.612915] Process rmmod (pid: 5121, ti=d348c000 task=d372c860 task.ti=d348c000)
> [ 2246.612920] Stack:
> [ 2246.612924]  f60f2a30 d348df1c c02347f6 00000000 d348df40 c01cd344 f60f2a30 00000000
> [ 2246.612941]  00000000 00000003 00000000 f821d400 00000000 d348df4c f821d01c f821d088
> [ 2246.612959]  d348dfb0 c014f1e8 f821d40c 74736574 6c6c615f 645f636f 006b7369 ffffffff
> [ 2246.612979] Call Trace:
> [ 2246.612983]  [<c02347f6>] ? unlink_gendisk+0x26/0x50
> [ 2246.612995]  [<c01cd344>] ? del_gendisk+0x84/0xd0
> [ 2246.613009]  [<f821d01c>] ? test_exit_module+0x1c/0x20 [test_alloc_disk]
> [ 2246.613025]  [<c014f1e8>] ? sys_delete_module+0x158/0x220
> [ 2246.613028]  [<c0103407>] ? sysenter_exit+0xf/0x16
> [ 2246.613028]  [<c01033d9>] ? sysenter_do_call+0x12/0x31
> [ 2246.613028] Code: 00 00 c7 40 24 00 00 00 00 c7 40 28 00 00 00 00 c7 40 58 00 00 00 00 83 c0 2c e8 c6 9b 0c 00 5d c3 8d 74 26 00 55 89 e5 53 89 c3 <8b> 40 68
> 85 c0 74 1f 8b 43 70 e8 3b 8d 0a 00 8b 43 6c e8 33 8d
> [ 2246.613028] EIP: [<c0172266>] bdi_unregister+0x6/0x30 SS:ESP 0068:d348df0c
> [ 2246.613224] ---[ end trace 8f06b3a64120ba58 ]---
> 
> Do anybody know what is wrong with the attached simple example module?

I forget to send the links to the book:
http://lwn.net/Kernel/LDD3/
http://lwn.net/images/pdf/LDD3/ch16.pdf

Regards,

	Márton Németh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ