| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1503739.gVWYM3p8QD@avalon> Date: Wed, 15 Jul 2015 01:34:53 +0300 From: Laurent Pinchart <laurent.pinchart@...asonboard.com> To: linux-kernel@...r.kernel.org Subject: Is devm_* broken ? Hello, I came to realize not too long ago that the following sequence of events will lead to a crash with any platform driver that uses devm_* and creates device nodes. 1. Get a platform device bound it its driver 2. Open the corresponding device node in userspace and keep it open 3. Unbind the platform device from its driver through sysfs echo <device-name> > /sys/bus/platform/drivers/<driver-name>/unbind (or for hotpluggable devices just unplug the device) 4. Close the device node 5. Enjoy the fireworks While having a device node open prevents modules from being unloaded, it doesn't prevent devices from being unbound from drivers. If the driver uses devm_* helpers to allocate memory the memory will be freed when the device is unbound from the driver, but that memory will still be used by any operation touching an open device node. Is devm_* inherently broken ? It's so widely used, tell me I'm missing something obvious. -- Regards, Laurent Pinchart -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists