| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Mar 2017 13:36:29 +0100
From: Alban <albeu@...e.fr>
To: Boris Brezillon <boris.brezillon@...e-electrons.com>
Cc: Aban Bedel <albeu@...e.fr>, linux-kernel@...r.kernel.org,
devicetree@...r.kernel.org, linux-mtd@...ts.infradead.org,
Cyrille Pitchen <cyrille.pitchen@...el.com>,
Richard Weinberger <richard@....at>,
Marek Vasut <marek.vasut@...il.com>,
Brian Norris <computersforpeace@...il.com>,
David Woodhouse <dwmw2@...radead.org>,
Mark Rutland <mark.rutland@....com>,
Rob Herring <robh+dt@...nel.org>,
Maxime Ripard <maxime.ripard@...e-electrons.com>,
Srinivas Kandagatla <srinivas.kandagatla@...aro.org>,
Moritz Fischer <moritz.fischer@...us.com>
Subject: Re: [PATCH 2/3] mtd: Add support for reading MTD devices via the
nvmem API
On Thu, 2 Mar 2017 22:18:03 +0100
Boris Brezillon <boris.brezillon@...e-electrons.com> wrote:
> On Thu, 2 Mar 2017 20:50:22 +0100
> Alban <albeu@...e.fr> wrote:
>
> [snip]
>
> > +static void mtd_nvmem_add(struct mtd_info *mtd)
> > +{
> > + struct device *dev = &mtd->dev;
> > + struct device_node *np = dev_of_node(dev);
> > + struct nvmem_config config = {};
> > + struct mtd_nvmem *mtd_nvmem;
> > +
> > + /* OF devices have to provide the nvmem node */
> > + if (np && !of_property_read_bool(np, "nvmem-provider"))
> > + return;
>
> Might have to be adapted according to the DT binding if we decide to
> add an extra subnode, but then, I'm not sure the nvmem cells creation
> will work correctly, because the framework expect nvmem cells to be
> direct children of the nvmem device, which will no longer be the case
> if you add an intermediate node between the MTD device node and the
> nvmem cell nodes.
Yes to support such a binding we would have to fix of_nvmem_cell_get(),
but that should be quiet simple to have it support both the new and old
binding.
>
> [snip]
>
> > +static void mtd_nvmem_remove(struct mtd_info *mtd)
> > +{
> > + struct mtd_nvmem *mtd_nvmem;
> > + bool found = false;
> > +
> > + mutex_lock(&mtd_nvmem_list_lock);
> > + list_for_each_entry(mtd_nvmem, &mtd_nvmem_list, list) {
> > + if (mtd_nvmem->mtd == mtd) {
> > + list_del(&mtd_nvmem->list);
> > + found = true;
> > + break;
> > + }
> > + }
> > + mutex_unlock(&mtd_nvmem_list_lock);
> > +
> > + if (found) {
> > + if (nvmem_unregister(mtd_nvmem->nvmem))
> > + dev_err(&mtd->dev,
> > + "Failed to unregister NVMEM device\n");
>
> Ouch! You failed to unregister the NVMEM device but you have no way to
> stop MTD dev removal, which means you have a potential use-after-free
> bug. Not sure this can happen in real life, but I don't like that.
Yes, I'm aware of this problem. Sorry, I forgot to mention this in the
cover letter.
> Maybe we should let notifiers return an error if they want to cancel
> the removal, or maybe this is a good reason to put the nvmem pointer
> directly in mtd_info and call mtd_nvmem_add/remove() directly from
> add/del_mtd_device() and allow them to return an error.
>
> Not that, if you go for this solution, you'll also get rid of the
> global mtd_nvmem_list list and the associated lock.
IMHO the MTD users framework has to be re-worked to be useful. First
both the add and remove callbacks should have return values. Users where
the add failed shouldn't be removed later and users where the remove
fails should block the removal of the MTD.
Furthermore only passing the MTD device to the add/remove callback
force the users to keep their own list, which is annoying to say the
least. A simple fix would be to have the add callback return a pointer
that would be passed back to the remove callback. Trivial to implement
and the MTD user wouldn't have to keep any list. I will look into this
in the next days.
Alban
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists