lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200406082857.GA1646464@kroah.com>
Date:   Mon, 6 Apr 2020 10:28:57 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Fei Zhang <zhangfeionline@...il.com>
Cc:     rafael@...nel.org, linux-kernel@...r.kernel.org,
        songmuchun@...edance.com
Subject: Re: [PATCH] driver core: Fix possible use after free on name

A: http://en.wikipedia.org/wiki/Top_post
Q: Were do I find info about this thing called top-posting?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

A: No.
Q: Should I include quotations after my reply?

http://daringfireball.net/2007/07/on_top

On Mon, Apr 06, 2020 at 03:40:41PM +0800, Fei Zhang wrote:
> Dear Greg,
> 
> Mostly, "class_creat" is used in kernel driver module, basically
> read-only strings,
> but it is easier to use a local variable string. When writing drive module,
> it fails to judge the local variable string which cannot be passed in
> only via interface.
> I found that someone else may also face the same problem.

An individual driver should NOT be creating a class, that is not what it
is there for.

Class names are very "rare" and should not be dynamically created at
all.

> If we have 2 identical hardwares with different internal logic(fpga),
> it may be more
> appropriate to create dynamic classes according to the logical functions.

No it is not appropriate at all to do that.

So, I'll ignore this patch as this is not something that you all should
do.  If an in-kernel user needs this, I will be glad to revisit this
issue, so I strongly suggest you work to get your code merged upstream
properly, so we can review it and suggest what you should be doing
instead.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ