lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <loom.20160621T174448-519@post.gmane.org>
Date:	Tue, 21 Jun 2016 15:46:16 +0000 (UTC)
From:	Jason Hrycay <jason.hrycay@...orola.com>
To:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] driver core: fix race between creating/querying glue dir and its cleanup

Hi Ming/Chandrasekhar,

Chandra Sekhar Lingutla <clingutla <at> codeaurora.org> writes:

> 
> Hi Ming,
> 
> [...]
> > +static inline bool live_in_glue_dir(struct kobject *kobj,
> > +				    struct device *dev)
> > +{
> > +	if (!kobj || !dev->class ||
> > +	    kobj->kset != &dev->class->p->glue_dirs)
> > +		return true;
> > +	return false;
> > +}
> I think we should return false if kobj->kset != &dev->class->p->glue_dirs.
> If kboj->kset points to dev->class->p->glue_dirs, then we live in glue dir.
> So logic should be:
> 	if (!kobj || !dev->class ||
> 		kobj->kset != &dev->class->p->glue_dirs)
> 			return false;
> 	return true;
> 
> > +
> > +static inline struct kobject *get_glue_dir(struct device *dev)
> > +{
> > +	if (live_in_glue_dir(&dev->kobj, dev))
> > +		return dev->kobj.parent;
> > +	return NULL;
> > +}

I don't think we should be checking the live_in_glue_dir on dev->kobj above, 
but rather, dev->kobj.parent. That being said, I don't think the check is 
even needed as it's going to be re-checked in the cleanup_glue_dir.

The issue is, if we fail the 'live_in_glue_dir' check on the dev->kobj, we'll
return NULL and subsequently fail to kobject_put the dev->kobj.parent in the 
cleanup_glue_dir function, leaking a reference.

> [snip]

Regards,
Jason Hrycay
jason.hrycay@...orola.com






Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ