lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <543F25D3.8010708@huawei.com>
Date:	Thu, 16 Oct 2014 09:56:35 +0800
From:	Weng Meiling <wengmeiling.weng@...wei.com>
To:	Greg KH <gregkh@...uxfoundation.org>, <tj@...nel.org>,
	Jens Axboe <axboe@...nel.dk>, <akpm@...ux-foundation.org>,
	<adilger.kernel@...ger.ca>, Jan Kara <jack@...e.cz>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Xiang Rui <rui.xiang@...wei.com>,
	Li Zefan <lizefan@...wei.com>,
	Huang Qiang <h.huangqiang@...wei.com>,
	Zhao Hongjiang <zhaohongjiang@...wei.com>
Subject: Re: Subject: [PATCH] kobject: fix the race between kobject_del and
 get_device_parent

Hi,

Would you please give me some of your views on this issue? Any suggestion is appreciative.

Thanks!

Weng Meiling

On 2014/10/15 14:42, Weng Meiling wrote:
> When the last child kobject was deleted, it's parent kobject will be deleted,
> when removing the parent kobject if the parent kobject's sd has been set NULL
> and still not been removed from it's kset's list, at the same time another one
> trigger an device adding event, the function get_parent_device() will get the
> parent object from the kset's list for kobject_add(), but this time parent
> kobject's sd has been NULL. This race will make the sysfs_create_dir() return
> ENOENT, the new kobject will be failed to added into sysfs and trigger BUG()
> when creating attribute group under the new device's directory. So move the
> kobject removal from kset's list before kobj->sd=NULL.
> 
> The race situation:
> 
> path0(remove parent kobj, e.g:/sys/devices/virtual/block/)   path1(register a new device)
> 
> kobject_del(){                                               get_device_parent(){
> ...                                                          ...
> sysfs_remove_dir(kobj);  //kobj->sd=NULL                     spin_lock(&dev->class->p->glue_dirs.list_lock);
> ...                                                  <===    list_for_each_entry(k, &dev->class->p->glue_dirs.list, entry)
> kobj_kset_leave(kobj);   //remove kobj from kset list        ...
> }                                                           }
> 
> 
> We had triggered the bug, the detail message link:
> https://lkml.org/lkml/2014/10/13/40
> 
> Signed-off-by: Weng Meiling <wengmeiling.weng@...wei.com>
> ---
>  lib/kobject.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/kobject.c b/lib/kobject.c
> index 58751bb..af2b7bb 100644
> --- a/lib/kobject.c
> +++ b/lib/kobject.c
> @@ -560,12 +560,13 @@ void kobject_del(struct kobject *kobj)
>  	if (!kobj)
>  		return;
> 
> +	kobj_kset_leave(kobj);
> +
>  	sd = kobj->sd;
>  	sysfs_remove_dir(kobj);
>  	sysfs_put(sd);
> 
>  	kobj->state_in_sysfs = 0;
> -	kobj_kset_leave(kobj);
>  	kobject_put(kobj->parent);
>  	kobj->parent = NULL;
>  }
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ