Date:	Thu, 6 Dec 2012 23:25:53 +0100
From:	"Hans J. Koch" <hjk@...sjkoch.de>
To:	Benedikt Spranger <b.spranger@...utronix.de>
Cc:	linux-kernel@...r.kernel.org, hjk@...sjkoch.de,
	gregkh@...uxfoundation.org, Alexander.Frank@...rspaecher.com
Subject: Re: [PATCH 2/2] uio: avoid module unloding of in module created UIO
 devices

On Thu, Dec 06, 2012 at 01:44:57PM +0100, Benedikt Spranger wrote:
> A kernel module can create a uio device. Get a reference to the module, if the
> UIO device is in use. Otherwise the device can be removed and a uio write or an
> access to mmaped memory can cause a kernel Oops or other strange effects.
> 
> Signed-off-by: Benedikt Spranger <b.spranger@...utronix.de>
> ---
>  drivers/uio/uio.c          |    8 ++++++++
>  include/linux/uio_driver.h |    1 +
>  2 files changed, 9 insertions(+)
> 
> diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
> index b96499a..3b62da0 100644
> --- a/drivers/uio/uio.c
> +++ b/drivers/uio/uio.c
> @@ -446,6 +446,7 @@ static void uio_release_listener(struct kref *kref)
>  		idev->info->release(idev->info);
>  
>  	module_put(idev->owner);
> +	module_put(idev->info->owner);
>  	kfree(listener);
>  }
>  
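
Review bot: in uio_release_listener() the new module_put(idev->info->owner) is placed after module_put(idev->owner), whereas uio_open() takes idev->owner first and idev->info->owner second. Dropping the references in reverse order of acquisition, info->owner before idev->owner, would mirror the open path and make the get/put pairing easier to audit.
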
> @@ -468,6 +469,11 @@ static int uio_open(struct inode *inode, struct file *filep)
>  		goto out;
>  	}
>  
> +	if (!try_module_get(idev->info->owner)) {
> +		ret = -ENODEV;
> +		goto err_get_module;
> +	}
> +
>  	listener = kmalloc(sizeof(*listener), GFP_KERNEL);
>  	if (!listener) {
>  		ret = -ENOMEM;
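
Review bot: the new check try_module_get(idev->info->owner) succeeds when owner is NULL, so a driver that never fills in the field passes through uio_open() with no module pinned and no indication that the protection described in the commit message is absent. Either document that a NULL owner means "not pinned", or warn once at registration time when info->owner is unset.
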
> @@ -493,6 +499,8 @@ err_infoopen:
>  
>  err_alloc_listener:
>  	module_put(idev->owner);
> +err_get_module:
> +	module_put(idev->owner);
>  
>  out:
>  	return ret;
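
Review bot: the unwind under err_alloc_listener now drops idev->owner twice and never drops idev->info->owner. A failure after the new try_module_get() reaches err_alloc_listener, runs the existing module_put(idev->owner), then falls through to err_get_module and runs module_put(idev->owner) a second time, which unbalances one refcount and leaks the other. The call under err_alloc_listener should become module_put(idev->info->owner) so that each label releases exactly the reference taken just before the corresponding failure point.
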
> diff --git a/include/linux/uio_driver.h b/include/linux/uio_driver.h
> index 1bc6493..2862de23 100644
> --- a/include/linux/uio_driver.h
> +++ b/include/linux/uio_driver.h
> @@ -95,6 +95,7 @@ struct uio_info {
>  	int (*open)(struct uio_info *info);
>  	void (*release)(struct uio_info *info);
>  	int (*irqcontrol)(struct uio_info *info, s32 irq_on);
> +	struct module		*owner;
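
Review bot: the new owner member of struct uio_info is added without any comment saying who must set it or to what, and the diffstat shows only uio.c and uio_driver.h changed, so nothing in this patch assigns it. Please document the field (for example that a driver sets it to THIS_MODULE before registering) and include at least one driver that does so; the tab alignment of "struct module		*owner;" also differs from the function-pointer members above it.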

Where is that needed? I won't add a new element to struct uio_info without
an in-kernel user.

Thanks,
Hans