| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <cover.1641185192.git.dxu@dxuuu.xyz>
Date: Sun, 2 Jan 2022 21:01:38 -0800
From: Daniel Xu <dxu@...uu.xyz>
To: arnd@...db.de, gregkh@...uxfoundation.org, giometti@...eenne.com,
linux-kernel@...r.kernel.org
Cc: Daniel Xu <dxu@...uu.xyz>, thesven73@...il.com, ojeda@...nel.org
Subject: [RFC char-misc-next 0/2] Add private pointer to struct cdev
The details are explained more thoroughly in the actual commits, but the
basic idea behind this RFC patchset is that:
* Using cdev_init() on an embedded struct cdev can lead to subtle
use-after-free issues
* Switching to cdev_alloc() and storing a pointer fixes the lifetime
issues but also breaks container_of()
* Deal with container_of() breakage by adding a void *private field
I've "fixed" (I'm aware module unloading is best-effort and may not
constitute a "real" bug) the issue in a random driver I found that
exhibits the issue. The other drivers I've seen with the issue are hard
for me to load/unload, so just one for now.
If this patchset is deemed acceptable, I'd be happy to convert other
broken drivers I find, but with the understanding that the best I can do
for testing is compiling them.
Daniel Xu (2):
cdev: Add private pointer to struct cdev
pps: Fix use-after-free cdev bug on module unload
drivers/pps/pps.c | 20 +++++++++++---------
include/linux/cdev.h | 1 +
include/linux/pps_kernel.h | 2 +-
3 files changed, 13 insertions(+), 10 deletions(-)
--
2.34.1
Powered by blists - more mailing lists