Message-ID: <CAPcyv4iiF1b53zn+zVvCjJFs2JKX=HvHAVggae-wULVD8jBFBQ@mail.gmail.com>
Date:   Tue, 14 Sep 2021 10:46:20 -0700
From:   Dan Williams <dan.j.williams@...el.com>
To:     Sasha Levin <sashal@...nel.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        stable <stable@...r.kernel.org>,
        Ben Widawsky <ben.widawsky@...el.com>,
        Jonathan Cameron <Jonathan.Cameron@...wei.com>,
        linux-cxl@...r.kernel.org
Subject: Re: [PATCH AUTOSEL 5.14 04/25] cxl/pci: Introduce cdevm_file_operations

On Tue, Sep 14, 2021 at 10:01 AM Sasha Levin <sashal@...nel.org> wrote:
>
> On Tue, Sep 14, 2021 at 08:42:04AM -0700, Dan Williams wrote:
> >On Mon, Sep 13, 2021 at 3:33 PM Sasha Levin <sashal@...nel.org> wrote:
> >>
> >> From: Dan Williams <dan.j.williams@...el.com>
> >>
> >> [ Upstream commit 9cc238c7a526dba9ee8c210fa2828886fc65db66 ]
> >>
> >> In preparation for moving cxl_memdev allocation to the core, introduce
> >> cdevm_file_operations to coordinate file operations shutdown relative to
> >> driver data release.
> >>
> >> The motivation for moving cxl_memdev allocation to the core (beyond
> >> better file organization of sysfs attributes in core/ and drivers in
> >> cxl/), is that device lifetime is longer than module lifetime. The cxl_pci
> >> module should be free to come and go without needing to coordinate with
> >> devices that need the text associated with cxl_memdev_release() to stay
> >> resident. The move will fix a use after free bug when looping driver
> >> load / unload with CONFIG_DEBUG_KOBJECT_RELEASE=y.
> >>
> >> Another motivation for passing in file_operations to the core cxl_memdev
> >> creation flow is to allow for alternate drivers, like unit test code, to
> >> define their own ioctl backends.
> >
> >Hi Sasha,
> >
> >Please drop this. It's not a fix, it's just a reorganization for
> >easing the addition of new features and capabilities.
>
> I'll drop it, but just to satisfy my curiosity: the description says it
> fixes a use-after-free bug in the existing code, is it not the case?

It does fix a problem if the final put_device() happens after the
module text has been unloaded. However, I am only aware of the
artificial trigger for that (CONFIG_DEBUG_KOBJECT_RELEASE=y). I.e. if
CONFIG_DEBUG_KOBJECT_RELEASE=n I am not aware of any agent that will
hold a device reference besides the driver itself. That was the
rationale for not tagging this for -stable.
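
The lifetime ordering discussed in this thread, as an added userspace C model (not code from the patch or the kernel): the release callback is only safe to run while the module holding its text is loaded. All struct and function names are hypothetical, and CONFIG_DEBUG_KOBJECT_RELEASE=y is modelled simply as a release that is deferred until after module unload.

```c
#include <stdbool.h>

/* Constructed userspace model; every name here is hypothetical. */
struct module { const char *name; bool text_resident; };

struct device {
    int refcount;
    const struct module *release_owner; /* module whose text holds release() */
    bool release_pending;               /* release deferred, not yet run */
    bool released;
};

enum outcome { STILL_HELD, DEFERRED, RELEASED, CALL_INTO_UNLOADED_TEXT };

/* Run the release callback; it is only safe if its text is still loaded. */
static enum outcome run_release(struct device *d)
{
    d->release_pending = false;
    if (!d->release_owner->text_resident)
        return CALL_INTO_UNLOADED_TEXT; /* the use after free */
    d->released = true;
    return RELEASED;
}

/* Drop a reference. With debug_delay the final release is deferred, which
 * is how this model represents CONFIG_DEBUG_KOBJECT_RELEASE=y. */
static enum outcome model_put_device(struct device *d, bool debug_delay)
{
    if (--d->refcount > 0)
        return STILL_HELD;
    if (debug_delay) {
        d->release_pending = true;
        return DEFERRED;
    }
    return run_release(d);
}

/* One driver load / unload cycle; returns how the device release ended. */
static enum outcome load_unload(struct module *driver,
                                const struct module *release_owner,
                                bool debug_delay)
{
    struct device dev = { .refcount = 1, .release_owner = release_owner };
    enum outcome r;

    driver->text_resident = true;             /* module load */
    r = model_put_device(&dev, debug_delay);  /* driver drops the only reference */
    driver->text_resident = false;            /* module unload */
    if (dev.release_pending)
        r = run_release(&dev);                /* deferred release fires late */
    return r;
}
```

With the release owned by the unloadable driver, only the deferred case ends in a call into unloaded text; with the release owned by a module that stays resident, the same deferred case completes normally.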
