Message-ID: <20181018093902.7b36c570@shemminger-XPS-13-9360>
Date:   Thu, 18 Oct 2018 09:39:02 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Olaf Hering <olaf@...fle.de>
Cc:     kys@...rosoft.com, linux-kernel@...r.kernel.org,
        devel@...uxdriverproject.org
Subject: Re: [PATCH V2 3/4] vmbus: add per-channel sysfs info

On Thu, 18 Oct 2018 17:19:53 +0200
Olaf Hering <olaf@...fle.de> wrote:

> On Sun, 17 Sep 2017 20:54:18 -0700
> kys@...hange.microsoft.com wrote:
> 
> > This extends existing vmbus related sysfs structure to provide per-channel
> > state information. This is useful when diagnosing issues with multiple
> > queues in networking and storage.  
> 
> > +++ b/drivers/hv/vmbus_drv.c
> > +static ssize_t write_avail_show(const struct vmbus_channel *channel, char *buf)
> > +{
> > +	const struct hv_ring_buffer_info *rbi = &channel->outbound;
> > +
> > +	return sprintf(buf, "%u\n", hv_get_bytes_to_write(rbi));
> > +}
> > +VMBUS_CHAN_ATTR_RO(write_avail);  
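
Review bot: write_avail_show() hands &channel->outbound straight to hv_get_bytes_to_write() with no check that the ring buffer exists and no visible lock, while a sysfs read can arrive at any time the attribute is visible. The handler should test that the channel's ring buffer is set up, under whatever serializes channel open and close, and return an error instead of reading the ring indices when it is not. Separately, a bounded formatter such as scnprintf(buf, PAGE_SIZE, ...) is preferable to sprintf() for the sysfs buffer.
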
> 
> This has been upstream for a year.
> 
> But I wonder how this can work if vmbus_device_register is called,
> and then something reads the populated sysfs files before vmbus_open returns.
> Nothing protects rbi->ring_buffer in this case, which remains NULL
> until vmbus_open populates it.
> 
> A simple reproducer, with a modular kernel, is to boot with init=/bin/bash
> head /sys/bus/vmbus/devices/*/channels/*/*
> 
> Olaf


Good catch. Actually, the problem goes across all of the ring buffer sysfs files,
so it existed long before that.

The channel ring buffer could be missing.

I am less worried about the open from init case, and more worried about issues
when channels are closed (as happens when changing number of channels on a net device).

As Al has pointed out for years, sysfs is riddled with dangling reference issues.
