lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <dadb79b2-ac21-1899-48b9-1c6723afb1b4@metafoo.de>
Date:   Tue, 21 Dec 2021 12:12:12 +0100
From:   Lars-Peter Clausen <lars@...afoo.de>
To:     Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
        Alexandre Torgue <alexandre.torgue@...s.st.com>,
        David Lechner <david@...hnology.com>,
        Fabrice Gasnier <fabrice.gasnier@...s.st.com>,
        Jarkko Nikula <jarkko.nikula@...ux.intel.com>,
        Kamel Bouhara <kamel.bouhara@...tlin.com>,
        Maxime Coquelin <mcoquelin.stm32@...il.com>,
        Oleksij Rempel <linux@...pel-privat.de>,
        Patrick Havelange <patrick.havelange@...ensium.com>,
        Syed Nayyar Waris <syednwaris@...il.com>,
        William Breathitt Gray <vilhelm.gray@...il.com>
Cc:     linux-arm-kernel@...ts.infradead.org, linux-iio@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        linux-stm32@...md-mailman.stormreply.com
Subject: Re: [PATCH 0/8] counter: Remove struct counter_device::priv

On 12/21/21 11:45 AM, Uwe Kleine-König wrote:
> Hello,
>
> similar to patch
> https://lore.kernel.org/r/4bde7cbd9e43a5909208102094444219d3154466.1640072891.git.vilhelm.gray@gmail.com
> the usage of struct counter_device::priv can be replaced by
> container_of which improves type safety and code size.
>
> This series depends on above patch, converts the remaining drivers and
> finally drops struct counter_device::priv.

Not sure if this is such a good idea. struct counter_device should not 
be embedded in the drivers state struct in the first place.

struct counter_device contains a struct device, which is a reference 
counted object. But by embedding it in the driver state struct the life 
time of both the struct counter_device and and struct device are bound 
to the life time of the driver state struct.

Which means the struct device memory can get freed before the last 
reference is dropped, which leads to a use-after-free and undefined 
behavior.

The framework should be changed to rather then embedding the struct 
counter_device in the state struct to just have a pointer to it. With 
the struct counter_device having its own allocation that will be freed 
when the last reference to the struct device is dropped.

- Lars

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ