| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YPgFGd+FZQZWODY7@kroah.com>
Date: Wed, 21 Jul 2021 13:29:29 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Luis Chamberlain <mcgrof@...nel.org>
Cc: akpm@...ux-foundation.org, minchan@...nel.org, jeyu@...nel.org,
ngupta@...are.org, sergey.senozhatsky.work@...il.com,
rafael@...nel.org, axboe@...nel.dk, tj@...nel.org, mbenes@...e.com,
jpoimboe@...hat.com, tglx@...utronix.de, keescook@...omium.org,
jikos@...nel.org, rostedt@...dmis.org, peterz@...radead.org,
linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 2/3] zram: fix deadlock with sysfs attribute usage and
module removal
On Fri, Jul 02, 2021 at 05:19:57PM -0700, Luis Chamberlain wrote:
> +#define MODULE_DEVICE_ATTR_FUNC_STORE(_name) \
> +static ssize_t module_ ## _name ## _store(struct device *dev, \
> + struct device_attribute *attr, \
> + const char *buf, size_t len) \
> +{ \
> + ssize_t __ret; \
> + if (!try_module_get(THIS_MODULE)) \
> + return -ENODEV; \
I feel like this needs to be written down somewhere as I see it come up
all the time.
Again, this is racy and broken code. You can NEVER try to increment
your own module reference count unless it has already been incremented
by someone external first.
As "proof", what happens if this module is unloaded right _before_ this
call happens? The module will be unloaded, memory zeroed out (or
overridden), and then the processor will resume here and try to call (or
return into) this code path.
Boom.
Just say no to "try_module_get(THIS_MODULE)" as it is totally wrong.
thanks,
greg k-h
Powered by blists - more mailing lists