lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 06 Dec 2011 02:56:41 +0530
From:	"Srivatsa S. Bhat" <srivatsa.bhat@...ux.vnet.ibm.com>
To:	gregkh@...e.de
Cc:	dhowells@...hat.com, eparis@...hat.com, rjw@...k.pl,
	kay.sievers@...y.org, jmorris@...ei.org, tj@...nel.org,
	bp@...64.org, linux-pm@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH 2/2] PM / request_firmware(): Use the refcounting solution to
 fix the race

It is racy to merely call usermodehelper_is_disabled() to check whether
we can successfully use usermodehelpers to get firmware from userspace,
because, an event such as suspend/hibernation in progress could disable
the usermodehelpers at the same time.
So use the pair [get|put]_usermodehelper() around the above check (reader),
to solve this race. Also, the writers, namely usermodehelper_[disable|enable]
should use umh_control_[begin|done] for this synchronization to be effective.

Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@...ux.vnet.ibm.com>
---

 drivers/base/firmware_class.c |    3 +++
 kernel/kmod.c                 |   10 +++++++++-
 2 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
index 06ed6b4..8a04946 100644
--- a/drivers/base/firmware_class.c
+++ b/drivers/base/firmware_class.c
@@ -534,6 +534,8 @@ static int _request_firmware(const struct firmware **firmware_p,
 		return 0;
 	}
 
+	get_usermodehelper();
+
 	if (WARN_ON(usermodehelper_is_disabled())) {
 		dev_err(device, "firmware: %s will not be loaded\n", name);
 		retval = -EBUSY;
@@ -572,6 +574,7 @@ static int _request_firmware(const struct firmware **firmware_p,
 	fw_destroy_instance(fw_priv);
 
 out:
+	put_usermodehelper();
 	if (retval) {
 		release_firmware(firmware);
 		*firmware_p = NULL;
diff --git a/kernel/kmod.c b/kernel/kmod.c
index acb52af..e6951b3 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -337,6 +337,8 @@ static void __call_usermodehelper(struct work_struct *work)
  * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY
  * (used for preventing user land processes from being created after the user
  * land has been frozen during a system-wide hibernation or suspend operation).
+ * Should always be manipulated under umhelper.lock, by using the functions
+ * umh_control_begin() and umh_control_done().
  */
 static int usermodehelper_disabled = 1;
 
@@ -362,8 +364,10 @@ int usermodehelper_disable(void)
 {
 	long retval;
 
+	umh_control_begin();
 	usermodehelper_disabled = 1;
-	smp_mb();
+	umh_control_done();
+
 	/*
 	 * From now on call_usermodehelper_exec() won't start any new
 	 * helpers, so it is sufficient if running_helpers turns out to
@@ -376,7 +380,9 @@ int usermodehelper_disable(void)
 	if (retval)
 		return 0;
 
+	umh_control_begin();
 	usermodehelper_disabled = 0;
+	umh_control_done();
 	return -EAGAIN;
 }
 
@@ -385,7 +391,9 @@ int usermodehelper_disable(void)
  */
 void usermodehelper_enable(void)
 {
+	umh_control_begin();
 	usermodehelper_disabled = 0;
+	umh_control_done();
 }
 
 /**

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ