Date: Tue, 16 Jun 2020 19:11:07 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: "Rafael J. Wysocki" <rafael@...nel.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Stable <stable@...r.kernel.org>,
	Naresh Kamboju <naresh.kamboju@...aro.org>,
	kernel test robot <rong.a.chen@...el.com>,
	Heikki Krogerus <heikki.krogerus@...ux.intel.com>,
	"Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
	Brendan Higgins <brendanhiggins@...gle.com>,
	Randy Dunlap <rdunlap@...radead.org>,
	Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 5.6 041/161] kobject: Make sure the parent does not get released before its children

On Tue, Jun 16, 2020 at 07:05:44PM +0200, Rafael J. Wysocki wrote:
> On Tue, Jun 16, 2020 at 5:50 PM Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
> >
> > From: Heikki Krogerus <heikki.krogerus@...ux.intel.com>
> >
> > [ Upstream commit 4ef12f7198023c09ad6d25b652bd8748c965c7fa ]
> >
> > In the function kobject_cleanup(), kobject_del(kobj) is
> > called before the kobj->release(). That makes it possible to
> > release the parent of the kobject before the kobject itself.
> >
> > To fix that, adding function __kobject_del() that does
> > everything that kobject_del() does except release the parent
> > reference. kobject_cleanup() then calls __kobject_del()
> > instead of kobject_del(), and separately decrements the
> > reference count of the parent kobject after kobj->release()
> > has been called.
> >
> > Reported-by: Naresh Kamboju <naresh.kamboju@...aro.org>
> > Reported-by: kernel test robot <rong.a.chen@...el.com>
> > Fixes: 7589238a8cf3 ("Revert "software node: Simplify software_node_release() function"")
> > Suggested-by: "Rafael J. Wysocki" <rafael@...nel.org>
> > Signed-off-by: Heikki Krogerus <heikki.krogerus@...ux.intel.com>
> > Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
> > Reviewed-by: Brendan Higgins <brendanhiggins@...gle.com>
> > Tested-by: Brendan Higgins <brendanhiggins@...gle.com>
> > Acked-by: Randy Dunlap <rdunlap@...radead.org>
> > Link: https://lore.kernel.org/r/20200513151840.36400-1-heikki.krogerus@linux.intel.com
> > Cc: stable <stable@...r.kernel.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > Signed-off-by: Sasha Levin <sashal@...nel.org>
> > --- > > lib/kobject.c | 30 ++++++++++++++++++++---------- > > 1 file changed, 20 insertions(+), 10 deletions(-) > > > > diff --git a/lib/kobject.c b/lib/kobject.c > > index 83198cb37d8d..2bd631460e18 100644 > > --- a/lib/kobject.c > > +++ b/lib/kobject.c > > @@ -599,14 +599,7 @@ int kobject_move(struct kobject *kobj, struct kobject *new_parent) > > } > > EXPORT_SYMBOL_GPL(kobject_move); > > > > -/** > > - * kobject_del() - Unlink kobject from hierarchy. > > - * @kobj: object. > > - * > > - * This is the function that should be called to delete an object > > - * successfully added via kobject_add(). > > - */ > > -void kobject_del(struct kobject *kobj) > > +static void __kobject_del(struct kobject *kobj) > > { > > struct kernfs_node *sd; > > const struct kobj_type *ktype; > > @@ -625,9 +618,23 @@ void kobject_del(struct kobject *kobj) > > > > kobj->state_in_sysfs = 0; > > kobj_kset_leave(kobj); > > - kobject_put(kobj->parent); > > kobj->parent = NULL; > > } > > + > > +/** > > + * kobject_del() - Unlink kobject from hierarchy. > > + * @kobj: object. > > + * > > + * This is the function that should be called to delete an object > > + * successfully added via kobject_add(). > > + */ > > +void kobject_del(struct kobject *kobj) > > +{ > > + struct kobject *parent = kobj->parent; > > + > > + __kobject_del(kobj); > > + kobject_put(parent); > > +} > > EXPORT_SYMBOL(kobject_del); > > > > /**
> > @@ -663,6 +670,7 @@ EXPORT_SYMBOL(kobject_get_unless_zero); > > */ > > static void kobject_cleanup(struct kobject *kobj) > > { > > + struct kobject *parent = kobj->parent; > > struct kobj_type *t = get_ktype(kobj); > > const char *name = kobj->name; > > > > @@ -684,7 +692,7 @@ static void kobject_cleanup(struct kobject *kobj) > > if (kobj->state_in_sysfs) { > > pr_debug("kobject: '%s' (%p): auto cleanup kobject_del\n", > > kobject_name(kobj), kobj); > > - kobject_del(kobj); > > + __kobject_del(kobj); > > } > > > > if (t && t->release) { > > @@ -698,6 +706,8 @@ static void kobject_cleanup(struct kobject *kobj) > > pr_debug("kobject: '%s': free name\n", name); > > kfree_const(name); > > } > > + > > + kobject_put(parent);
>
> This is known incorrect, because that should only be done if the
> __kobject_del() above has run.
>
> Also this commit has been reverted from the mainline.

Argh, I should have caught this, my fault, sorry, I'll go drop it.

> I have posted a fixed replacement for it with no response whatever so far:
>
> https://lore.kernel.org/lkml/1908555.IiAGLGrh1Z@kreacher/

It's been the merge window, I couldn't do anything until Monday :)

It's in my queue, give me a chance to catch up...

thanks,

greg k-h
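
Review bot: in kobject_cleanup() the trailing kobject_put(parent) runs unconditionally, while __kobject_del(kobj) is only reached inside `if (kobj->state_in_sysfs)`. Before this change the parent reference was dropped only through kobject_del() on that same branch, so a kobject that reaches cleanup with kobj->parent set and state_in_sysfs clear now takes one extra put on its parent. That can drop the parent's refcount to zero while other holders still use it, which is the same premature-release problem the commit message sets out to fix. Suggest dropping the reference only when the del branch actually ran, for example with `else parent = NULL;` on the state_in_sysfs check, or by reading kobj->parent inside that branch.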
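
Review bot: the new kobject_del() wrapper initialises `parent` from `kobj->parent` before it calls __kobject_del(), so any NULL check on kobj that lives in the body now owned by __kobject_del() (the lines between the first two hunks are not shown here) no longer covers this dereference. If callers were allowed to pass NULL before, add `if (!kobj) return;` ahead of the read of kobj->parent. Separately, the kernel-doc moved to the wrapper and __kobject_del() is left undocumented; a short comment stating that it does not drop the parent reference and that the caller must do so would make the contract explicit.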