lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 22 May 2014 07:01:14 +0900
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	Dave P Martin <Dave.Martin@....com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: debugfs and module unloading

On Wed, May 21, 2014 at 05:48:28PM +0100, Dave P Martin wrote:
> Hi there,
> 
> I have a quick debugfs question:
> 
> How can I protect against a module being unloaded while debugfs files it
> provides are open?
> 
> I can do something like the following:
> 
> static int my_debugfs_file_open(struct inode *, struct file *)
> {
> 	if (!try_module_get())
> 		return -EIO;
> 
> 	/* ... */
> }
> 
> static int my_debugfs_file_release(struct inode *, struct file *)
> {
> 	/* ... */
> 
> 	module_put();
> 
> 	return 0;
> }
> 
> static const struct file_operations my_debugfs_fops = {
> 	/* ... */
> 
> 	.open = my_debugfs_file_open,
> 	.release = my_debugfs_file_release,
> 
> 	/* ... */
> };
> 
> static struct device_driver my_driver {
> 	/* ... */
> 
> 	.owner = THIS_MODULE;
> 
> 	/* ... */
> };
> 
> static int my_module_init(void)
> {
> 	driver_register(&my_driver);
> 	debugfs_create_file(..., &my_debugfs_fops);
> }
> 
> static void my_module_exit(void)
> {
> 	debugfs_remove_recusrive(...);
> 	driver_unregister(&my_driver);
> }
> 
> 
> ... but it doesn't quite work.  debugfs_remove_recursive() prevents any
> new file handles being opened, but files already open remain open -- so
> it's still possible for the module text to get unloaded between the
> module refcount being decreased inside module_put() and the time
> my_debugfs_file_release() returns.
> 
> The scenario to consider is when a request to unload the module races
> with closure of the last debugfs file.
> 
> 
> The only obvious way I can see to solve this without changing the debugfs
> code is to make the module impossible to unload by calling __module_get()
> during initialisation, before any debugfs file is created.
> 
> 
> A similar dependency problem exists when a pointer to some device
> instance data is passed to debugfs_create_file().  For pluggable
> devices, the device might go away at any time.  I hoped this could
> be solved by calling get_device() ... put_device() in the debugfs file
> open and release methods, but I found that a device instance can
> get removed, and the module unloaded, even though the struct device
> refcount is not zero.
> 
> 
> Am I missing something?

Nope, you are not, it's a known issue.  Al Viro is doing some core VFS
work to help mitigate this, and I am working on converting debugfs to
use kernfs which should also help resolve this problem.

Don't unload modules automatically and you should be fine :)

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ