lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Ydx83gmXczpItp81@google.com>
Date:   Mon, 10 Jan 2022 10:37:18 -0800
From:   Matthias Kaehlcke <mka@...omium.org>
To:     Bjorn Andersson <bjorn.andersson@...aro.org>
Cc:     Andy Gross <agross@...nel.org>, Ohad Ben-Cohen <ohad@...ery.com>,
        linux-kernel@...r.kernel.org, Sibi Sankar <sibis@...eaurora.org>,
        Sujit Kautkar <sujitka@...omium.org>,
        Stephen Boyd <swboyd@...omium.org>,
        linux-remoteproc@...r.kernel.org,
        Mathieu Poirier <mathieu.poirier@...aro.org>
Subject: Re: [PATCH v5 2/2] rpmsg: char: Fix race between the release of
 rpmsg_eptdev and cdev

On Mon, Jan 10, 2022 at 10:19:32AM -0800, Bjorn Andersson wrote:
> On Mon 10 Jan 09:12 PST 2022, Matthias Kaehlcke wrote:
> 
> > struct rpmsg_eptdev contains a struct cdev. The current code frees
> > the rpmsg_eptdev struct in rpmsg_eptdev_destroy(), but the cdev is
> > a managed object, therefore its release is not predictable and the
> > rpmsg_eptdev could be freed before the cdev is entirely released.
> > 
> > The cdev_device_add/del() API was created to address this issue
> > (see commit 233ed09d7fda), use it instead of cdev add/del().
> > 
> > Fixes: c0cdc19f84a4 ("rpmsg: Driver for user space endpoint interface")
> > Signed-off-by: Matthias Kaehlcke <mka@...omium.org>
> > ---
> > 
> > Changes in v5:
> > - patch added to the series
> > 
> >  drivers/rpmsg/rpmsg_char.c | 10 ++--------
> >  1 file changed, 2 insertions(+), 8 deletions(-)
> > 
> > diff --git a/drivers/rpmsg/rpmsg_char.c b/drivers/rpmsg/rpmsg_char.c
> > index ba85f5d11960..5bc1e6017587 100644
> > --- a/drivers/rpmsg/rpmsg_char.c
> > +++ b/drivers/rpmsg/rpmsg_char.c
> 
> There's a cdev_del() in rpmsg_eptdev_release_device() that I think needs
> to go as well, in line with patch 1.

Good catch, thanks, will fix.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ