| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Jun 2016 15:46:16 +0000 (UTC)
From: Jason Hrycay <jason.hrycay@...orola.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] driver core: fix race between creating/querying glue dir and its cleanup
Hi Ming/Chandrasekhar,
Chandra Sekhar Lingutla <clingutla <at> codeaurora.org> writes:
>
> Hi Ming,
>
> [...]
> > +static inline bool live_in_glue_dir(struct kobject *kobj,
> > + struct device *dev)
> > +{
> > + if (!kobj || !dev->class ||
> > + kobj->kset != &dev->class->p->glue_dirs)
> > + return true;
> > + return false;
> > +}
> I think we should return false if kobj->kset != &dev->class->p->glue_dirs.
> If kboj->kset points to dev->class->p->glue_dirs, then we live in glue dir.
> So logic should be:
> if (!kobj || !dev->class ||
> kobj->kset != &dev->class->p->glue_dirs)
> return false;
> return true;
>
> > +
> > +static inline struct kobject *get_glue_dir(struct device *dev)
> > +{
> > + if (live_in_glue_dir(&dev->kobj, dev))
> > + return dev->kobj.parent;
> > + return NULL;
> > +}
I don't think we should be checking the live_in_glue_dir on dev->kobj above,
but rather, dev->kobj.parent. That being said, I don't think the check is
even needed as it's going to be re-checked in the cleanup_glue_dir.
The issue is, if we fail the 'live_in_glue_dir' check on the dev->kobj, we'll
return NULL and subsequently fail to kobject_put the dev->kobj.parent in the
cleanup_glue_dir function, leaking a reference.
> [snip]
Regards,
Jason Hrycay
jason.hrycay@...orola.com
Powered by blists - more mailing lists