lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 16 Dec 2021 15:14:38 +0100
From:   Petr Mladek <pmladek@...e.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     David Vernet <void@...ifault.com>, Miroslav Benes <mbenes@...e.cz>,
        linux-doc@...r.kernel.org, live-patching@...r.kernel.org,
        linux-kernel@...r.kernel.org, jpoimboe@...hat.com,
        jikos@...nel.org, joe.lawrence@...hat.com, corbet@....net,
        yhs@...com, songliubraving@...com
Subject: Re: [PATCH] livepatch: Fix leak on klp_init_patch_early failure path

On Wed 2021-12-15 16:35:24, Greg Kroah-Hartman wrote:
> On Wed, Dec 15, 2021 at 09:19:59AM +0100, Petr Mladek wrote:
> > On Tue 2021-12-14 16:50:15, Greg Kroah-Hartman wrote:
> > > 
> > > kobject_init() does allocate things internally, where does it say it
> > > does not?  What is trying to be "fixed" here?
> > 
> > Could you please show where things are allocated in kobject_init()?
> > I do not see it in the code!
> > 
> > It looks to me like a cargo cult claim to me.
> 
> Hm, I thought I saw it yesterday when I reviewed the code.  Let me look
> again...
> 
> > Documentation/core-api/kobject.rst says:
> > 
> >    Once you registered your kobject via kobject_add(), you must never use
> >    kfree() to free it directly. The only safe way is to use kobject_put().
> > 
> > kobject_add() makes perfect sense because it copies the name, takes
> > reference to the parent, etc.
> > 
> > kobject_init() just initializes the structure members and nothing else.
> 
> Now it does.  In the past, I think we did create some memory.  I know
> when we hook debugobjects up to kobjects (there's an external patch for
> that floating around somewhere), that is one reason to keep the
> kobject_put() rule, and there might have been other reasons in the past
> 20+ years as well.
> 
> So yes, while you are correct today, the "normal" reference counted
> object model patern is "after the object is initialized, it MUST only be
> freed by handling its reference count."  So let's stick to that rule for
> now.

Good point.


> If you want, I can put some code in the kobject_init() logic to force
> this to be the case if it bothers you :)

I actually know about one case where this might be very useful.

There is the problem with kobject lifetime and module removal.
module is removed after mod->exit() callback finishes. But some
kobject release() callbacks might be delayed, especillay when
CONFIG_DEBUG_KOBJECT_RELEASE is enabled.

I have proposed there a solution where kobject_add_internal() takes reference
on the module. It would make sure that the module will stay in the
memory until the release callbacks is called, see
https://lore.kernel.org/all/Ya84O2%2FnYCyNb%2Ffp@alley/

But kobject_add_internal() is not the right place. The reference on
the module should be taken already in kobject_init() because the
release callbacks might be used after this point.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ