| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 May 2019 08:53:13 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Prateek Sood <prsood@...eaurora.org>
Cc: rafael@...nel.org, sramana@...eaurora.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] drivers: core: Remove glue dirs early only when
refcount is 1
On Wed, May 01, 2019 at 09:52:47AM +0530, Prateek Sood wrote:
> While loading firmware blobs parallely in different threads, it is possible
> to free sysfs node of glue_dirs in device_del() from a thread while another
> thread is trying to add subdir from device_add() in glue_dirs sysfs node.
>
> CPU1 CPU2
> fw_load_sysfs_fallback()
> device_add()
> get_device_parent()
> class_dir_create_and_add()
> kobject_add_internal()
> create_dir() // glue_dir
>
> fw_load_sysfs_fallback()
> device_add()
> get_device_parent()
> kobject_get() //glue_dir
>
> device_del()
> cleanup_glue_dir()
> kobject_del()
>
> kobject_add()
> kobject_add_internal()
> create_dir() // in glue_dir
> kernfs_create_dir_ns()
>
> sysfs_remove_dir() //glue_dir->sd=NULL
> sysfs_put() // free glue_dir->sd
>
> kernfs_new_node()
> kernfs_get(glue_dir)
>
> Fix this race by making sure that kernfs_node for glue_dir is released only
> when refcount for glue_dir kobj is 1.
>
> Signed-off-by: Prateek Sood <prsood@...eaurora.org>
> ---
> drivers/base/core.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
What changed from v1? That always has to go below the --- line.
v3 please.
Powered by blists - more mailing lists