lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <YTMS6cIGLwqxA0t9@kroah.com>
Date:   Sat, 4 Sep 2021 08:32:09 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Jiazi Li <jqqlijiazi@...il.com>
Cc:     Arnd Bergmann <arnd@...db.de>, Jiazi Li <lijiazi@...omi.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] char: misc: init list head only when needed

On Mon, Aug 16, 2021 at 06:12:32PM +0800, Jiazi Li wrote:
> If a module successfully registers a misc device.
> Then, due to some bugs, use same address register misc device
> again, init list head will corrupt misc_list, resulting in oops
> when using misc_list.

Then fix those bugs that try to register the misc device more than once?

Does that happen in any in-kernel drivers or is this just a failure of
external drivers that are not submitted to the kernel tree?

> In this scenario, do not init list head, if registration is
> successful, init list head is also not required.
> 
> Signed-off-by: Jiazi Li <lijiazi@...omi.com>
> ---
>  drivers/char/misc.c | 19 ++++++++++++++-----
>  1 file changed, 14 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/char/misc.c b/drivers/char/misc.c
> index ca5141e..2451640 100644
> --- a/drivers/char/misc.c
> +++ b/drivers/char/misc.c
> @@ -176,7 +176,6 @@ int misc_register(struct miscdevice *misc)
>  	int err = 0;
>  	bool is_dynamic = (misc->minor == MISC_DYNAMIC_MINOR);
>  
> -	INIT_LIST_HEAD(&misc->list);
>  
>  	mutex_lock(&misc_mtx);
>  
> @@ -185,7 +184,7 @@ int misc_register(struct miscdevice *misc)
>  
>  		if (i >= DYNAMIC_MINORS) {
>  			err = -EBUSY;
> -			goto out;
> +			goto err2;
>  		}
>  		misc->minor = DYNAMIC_MINORS - i - 1;
>  		set_bit(i, misc_minors);
> @@ -195,7 +194,13 @@ int misc_register(struct miscdevice *misc)
>  		list_for_each_entry(c, &misc_list, list) {
>  			if (c->minor == misc->minor) {
>  				err = -EBUSY;
> -				goto out;
> +				/*
> +				 * if module use same address double register,
> +				 * init list will corrupt misc_list

I do not understand the text here at all, sorry.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ