lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Aug 2021 18:07:57 -0700
From:   Daniel Steger <daniel.steger@...inx.com>
To:     <gregkh@...uxfoundation.org>, <rafael@...nel.org>
CC:     <linux-kernel@...r.kernel.org>,
        Daniel Steger <daniel.steger@...inx.com>
Subject: [PATCH] fs: sysfs: do not remove files if group is null

The current implementation allows the remove_files() API to be
called without checking if the grp->name is null. Ensure that
the group name is valid prior to removing files.

This patch fixes a race condition where device_del() will cleanup
sysfs entries prior to device managed sysfs entries. This results
in a NULL group->name and a system error during device cleanup.

To reproduce the issue, simply create a new child device in a
platform driver of your choice. Add a sysfs file group using
devm API. On driver exist ensure to unregister your child device.
Do not call devm_device_remove_group() and leave it up to the
implementation to automatically clean up the files. Here is where
you will see a kernel error complaining that the files have already
been removed.

Signed-off-by: Daniel Steger <daniel.steger@...inx.com>
---
 fs/sysfs/group.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/sysfs/group.c b/fs/sysfs/group.c
index 64e6a6698935..023b40840f36 100644
--- a/fs/sysfs/group.c
+++ b/fs/sysfs/group.c
@@ -286,9 +286,10 @@ void sysfs_remove_group(struct kobject *kobj,
                kernfs_get(kn);
        }

-       remove_files(kn, grp);
-       if (grp->name)
+       if (grp->name) {
+               remove_files(kn, grp);
                kernfs_remove(kn);
+       }

        kernfs_put(kn);
 }
--
2.25.1

This email and any attachments are intended for the sole use of the named recipient(s) and contain(s) confidential information that may be proprietary, privileged or copyrighted under applicable law. If you are not the intended recipient, do not read, copy, or forward this email message or any attachments. Delete this email message and any attachments immediately.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ