lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YUjdytEDkCughtSz@bombadil.infradead.org>
Date:   Mon, 20 Sep 2021 12:15:22 -0700
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Tejun Heo <tj@...nel.org>
Cc:     gregkh@...uxfoundation.org, akpm@...ux-foundation.org,
        minchan@...nel.org, jeyu@...nel.org, shuah@...nel.org,
        rdunlap@...radead.org, rafael@...nel.org, masahiroy@...nel.org,
        ndesaulniers@...gle.com, yzaikin@...gle.com, nathan@...nel.org,
        ojeda@...nel.org, penguin-kernel@...ove.sakura.ne.jp,
        vitor@...saru.org, elver@...gle.com, jarkko@...nel.org,
        glider@...gle.com, rf@...nsource.cirrus.com,
        stephen@...workplumber.org, David.Laight@...lab.com,
        bvanassche@....org, jolsa@...nel.org,
        andriy.shevchenko@...ux.intel.com, trishalfonso@...gle.com,
        andreyknvl@...il.com, jikos@...nel.org, mbenes@...e.com,
        ngupta@...are.org, sergey.senozhatsky.work@...il.com,
        reinette.chatre@...el.com, fenghua.yu@...el.com, bp@...en8.de,
        x86@...nel.org, hpa@...or.com, lizefan.x@...edance.com,
        hannes@...xchg.org, daniel.vetter@...ll.ch, bhelgaas@...gle.com,
        kw@...ux.com, dan.j.williams@...el.com, senozhatsky@...omium.org,
        hch@....de, joe@...ches.com, hkallweit1@...il.com, axboe@...nel.dk,
        jpoimboe@...hat.com, tglx@...utronix.de, keescook@...omium.org,
        rostedt@...dmis.org, peterz@...radead.org,
        linux-spdx@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kselftest@...r.kernel.org, cgroups@...r.kernel.org,
        linux-kernel@...r.kernel.org, copyleft-next@...ts.fedorahosted.org
Subject: Re: [PATCH v7 09/12] sysfs: fix deadlock race with module removal

On Mon, Sep 20, 2021 at 07:53:16AM -1000, Tejun Heo wrote:
> Hello,
> 
> On Fri, Sep 17, 2021 at 10:04:27PM -0700, Luis Chamberlain wrote:
> > If try_module_get() fails we fail the operation on the kernfs node.
> > 
> > We use a try method as a full lock means we'd then make our sysfs
> > attributes busy us out from possible module removal, and so userspace
> > could force denying module removal, a silly form of "DOS" against module
> > removal. A try lock on the module removal ensures we give priority to
> > module removal and interacting with sysfs attributes only comes second.
> > Using a full lock could mean for instance that if you don't stop poking
> > at sysfs files you cannot remove a module.
> 
> I find this explanation odd because there's no real equivalent to locking
> the module (as opposed to try locking) 

Actually there is, __module_get() but I suspect some of these users are
probably incorrect and should be be moved to try. The documentation
about "rmmod --wait" for __module_get() is also outdated as that option
is no longer supported. I'll send an update for that later.

> because you can't wait for the
> removal to finish and then grant the lock, so any operation which increases
> the reference *has* to be a try method unless the caller already holds a
> reference to the same module and thus knows that the module is already
> pinned.

Right, the reason I mention the alternative is that we technically don't
need to use try in this case since during a kernfs op it is implied the
module will be pinned, but we have further motivations to use a try
method here: to avoid a possible DOS from module removal by userspace
mucking with ops.

> The code isn't wrong, so maybe just drop the related paragraphs in
> the commit message?

Does it make sense to clarify the above a bit more somehow? Or do think
its not needed?

> >  static struct kernfs_node *__kernfs_new_node(struct kernfs_root *root,
> >  					     struct kernfs_node *parent,
> >  					     const char *name, umode_t mode,
> > +					     struct module *owner,
> >  					     kuid_t uid, kgid_t gid,
> >  					     unsigned flags)
> 
> Is there a particular reason why @owner is added between @mode and @uid?
> Sitting between two fs attributes seems a bit awkward. Maybe it can just be
> the last one?

No, I just picked an arbitrary place. Sure I'll move it to the end.

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ