lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140521164827.GB3501@e103592.cambridge.arm.com>
Date:	Wed, 21 May 2014 17:48:28 +0100
From:	Dave P Martin <Dave.Martin@....com>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	linux-kernel@...r.kernel.org
Subject: debugfs and module unloading

Hi there,

I have a quick debugfs question:

How can I protect against a module being unloaded while debugfs files it
provides are open?

I can do something like the following:

static int my_debugfs_file_open(struct inode *, struct file *)
{
	if (!try_module_get())
		return -EIO;

	/* ... */
}

static int my_debugfs_file_release(struct inode *, struct file *)
{
	/* ... */

	module_put();

	return 0;
}

static const struct file_operations my_debugfs_fops = {
	/* ... */

	.open = my_debugfs_file_open,
	.release = my_debugfs_file_release,

	/* ... */
};

static struct device_driver my_driver {
	/* ... */

	.owner = THIS_MODULE;

	/* ... */
};

static int my_module_init(void)
{
	driver_register(&my_driver);
	debugfs_create_file(..., &my_debugfs_fops);
}

static void my_module_exit(void)
{
	debugfs_remove_recusrive(...);
	driver_unregister(&my_driver);
}


... but it doesn't quite work.  debugfs_remove_recursive() prevents any
new file handles being opened, but files already open remain open -- so
it's still possible for the module text to get unloaded between the
module refcount being decreased inside module_put() and the time
my_debugfs_file_release() returns.

The scenario to consider is when a request to unload the module races
with closure of the last debugfs file.


The only obvious way I can see to solve this without changing the debugfs
code is to make the module impossible to unload by calling __module_get()
during initialisation, before any debugfs file is created.


A similar dependency problem exists when a pointer to some device
instance data is passed to debugfs_create_file().  For pluggable
devices, the device might go away at any time.  I hoped this could
be solved by calling get_device() ... put_device() in the debugfs file
open and release methods, but I found that a device instance can
get removed, and the module unloaded, even though the struct device
refcount is not zero.


Am I missing something?

Cheers
---Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ