| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Jan 2017 17:03:48 +0100 (CET) From: Jiri Kosina <jikos@...nel.org> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org> cc: Omar Sandoval <osandov@...ndov.com>, linux-kernel@...r.kernel.org Subject: Re: debugfs vs. device removal On Thu, 19 Jan 2017, Greg Kroah-Hartman wrote: > > In the block layer, we abuse sysfs to export some per-device debugging > > information. I was looking into moving this to debugfs, but I realized > > that debugfs doesn't have a mechanism to ensure that a file associated > > with a device is safe to use when the device is removed. > > What do you mean by "safe"? The race conditions where you remove a file > and still have it open should all now be resolved in 4.8 and 4.9, di dwe > miss something? This is something else -- Omar is right, hid-debugfs interface is buggy. It basically doesn't synchronize the data dumping with device removal, so if device is removed and deallocated and the race is hit, it tries to dereference struct hid_device which has already been freed. I'll look into fixing this later today or tomorrow. Basically we'd need to synchronize between hid_remove_device() and anything in hid-debug and whenever removal is pending, not to try to get any data out of it any more and bail immediately. Something like rwlock (debugfs being the reader and device removal being the writer) should work. Thanks, -- Jiri Kosina SUSE Labs
Powered by blists - more mailing lists