| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Nov 2013 15:20:09 +0800
From: Lan Tianyu <tianyu.lan@...el.com>
To: "Rafael J. Wysocki" <rjw@...ysocki.net>
CC: ACPI Devel Maling List <linux-acpi@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Linux PCI <linux-pci@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Aaron Lu <aaron.lu@...el.com>,
Jarkko Nikula <jarkko.nikula@...ux.intel.com>,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
"Luck, Tony" <tony.luck@...el.com>
Subject: Re: [PATCH 2/2] ACPI / bind: Use (put|get)_device() on ACPI device
objects too
On 2013年11月14日 07:26, Rafael J. Wysocki wrote:
> From: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
>
> When associating a "physical" device with an ACPI device object
> acpi_bind_one() only uses get_device() to increment the reference
> counter of the former, but there is no reason not to do that with
> the latter too. Among other things, that may help to avoid
> use-after-free when an ACPI device object is freed without calling
> acpi_unbind_one() for all "physical" devices associated with it
> (that only can happen in buggy code, but then it's better if the
> kernel doesn't crash as a result of a bug).
>
> For this reason, modify acpi_bind_one() to apply get_device() to
> the ACPI device object too and update acpi_unbind_one() to drop
> that reference using put_device() as appropriate.
>
> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
> ---
> drivers/acpi/glue.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> Index: linux-pm/drivers/acpi/glue.c
> ===================================================================
> --- linux-pm.orig/drivers/acpi/glue.c
> +++ linux-pm/drivers/acpi/glue.c
> @@ -217,6 +217,7 @@ int acpi_bind_one(struct device *dev, ac
> if (!acpi_dev)
> return -EINVAL;
>
> + get_device(&acpi_dev->dev);
> get_device(dev);
> physical_node = kzalloc(sizeof(*physical_node), GFP_KERNEL);
> if (!physical_node) {
> @@ -243,6 +244,7 @@ int acpi_bind_one(struct device *dev, ac
> goto err;
>
> put_device(dev);
> + put_device(&acpi_dev->dev);
> return 0;
> }
> if (pn->node_id == node_id) {
> @@ -282,6 +284,7 @@ int acpi_bind_one(struct device *dev, ac
> err:
> ACPI_COMPANION_SET(dev, NULL);
> put_device(dev);
> + put_device(&acpi_dev->dev);
> return retval;
> }
> EXPORT_SYMBOL_GPL(acpi_bind_one);
> @@ -307,8 +310,9 @@ int acpi_unbind_one(struct device *dev)
> sysfs_remove_link(&acpi_dev->dev.kobj, physnode_name);
> sysfs_remove_link(&dev->kobj, "firmware_node");
> ACPI_COMPANION_SET(dev, NULL);
> - /* acpi_bind_one() increase refcnt by one. */
> + /* Drop references taken by acpi_bind_one(). */
> put_device(dev);
> + put_device(&acpi_dev->dev);
> kfree(entry);
> break;
> }
>
Reviewed-by: Lan Tianyu <tianyu.lan@...el.com>
--
Best regards
Tianyu Lan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists