Date:   Wed, 27 Apr 2022 02:09:16 +0900
From:   Chanwoo Choi <cwchoi00@...il.com>
To:     bumwoo lee <bw365.lee@...sung.com>,
        MyungJoo Ham <myungjoo.ham@...sung.com>,
        Chanwoo Choi <cw00.choi@...sung.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] extcon: modify extcon device to be created after driver
 data is set

Hi Bumwoo,

Firstly, I'm sorry for the late reply.

On 22. 3. 31. 12:03, bumwoo lee wrote:
> Currently, someone can invoke the sysfs such as state_show()
> intermittently before set_drvdata() is done.
> And it can cause a kernel Oops because edev is NULL at that time.
> So move the driver registration to after setting the driver data.
> 
> - Oops's backtrace.
> 
> Backtrace:
> [<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show)
> [<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show)
> [<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show)
> [<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read)
> [<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read)
> [<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read)
> [<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read)
> [<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read)
> [<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read)
> [<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)
> 
> Signed-off-by: bumwoo lee <bw365.lee@...sung.com>
> ---
>   drivers/extcon/extcon.c | 12 ++++++------
>   1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
> index d27cd9f88f86..74fee04bd764 100644
> --- a/drivers/extcon/extcon.c
> +++ b/drivers/extcon/extcon.c
> @@ -1224,18 +1224,13 @@ int extcon_dev_register(struct extcon_dev *edev)
>   		edev->dev.type = &edev->extcon_dev_type;
>   	}
>   
> -	ret = device_register(&edev->dev);
> -	if (ret) {
> -		put_device(&edev->dev);
> -		goto err_dev;
> -	}
> +	device_initialize(&edev->dev);
>   
>   	spin_lock_init(&edev->lock);
>   	edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
>   				sizeof(*edev->nh), GFP_KERNEL);

Actually, I'm not sure that it is proper to pass 'edev->dev'
to devm_kcalloc before device_add. When an error happens
between device_initialize and device_add, I think that
it is not handled properly, e.g. the allocated memory is not
freed automatically.

>   	if (!edev->nh) {
>   		ret = -ENOMEM;
> -		device_unregister(&edev->dev);
>   		goto err_dev;
>   	}
>   
> @@ -1251,9 +1246,14 @@ int extcon_dev_register(struct extcon_dev *edev)
>   	list_add(&edev->entry, &extcon_dev_list);
>   	mutex_unlock(&extcon_dev_list_lock);
>   
> +	ret = device_add(&edev->dev);
> +	if (ret)
> +		goto err_dev;

In this case, the entry needs to be deleted from extcon_dev_list
by using list_del.

> +
>   	return 0;
>   
>   err_dev:
> +	put_device(&edev->dev);
>   	if (edev->max_supported)
>   		kfree(edev->extcon_dev_type.groups);
>   err_alloc_groups:
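Review bot: At `err_dev`, `put_device(&edev->dev)` now runs before `edev->max_supported` and `edev->extcon_dev_type.groups` are read, so the error path depends on the device's release callback not freeing `edev` or anything reached through it. That callback is not visible in this hunk, so the ordering may be safe today, but the dependency should be written down: `/* put_device() may invoke dev.release; it must not free edev, whose fields are still read below */`. The counter-proposal later in this message has the same ordering in its `device_register()` failure branch. The function body begins above the hunk and the unwind labels continue below it.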


I recommend moving device_register() to after dev_set_drvdata,
and then using kcalloc instead of devm_kcalloc, as follows:


diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index d27cd9f88f86..80e5bfec1131 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -1224,19 +1224,11 @@ int extcon_dev_register(struct extcon_dev *edev)
                 edev->dev.type = &edev->extcon_dev_type;
         }

-       ret = device_register(&edev->dev);
-       if (ret) {
-               put_device(&edev->dev);
-               goto err_dev;
-       }
-
         spin_lock_init(&edev->lock);
-       edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
-                               sizeof(*edev->nh), GFP_KERNEL);
+       edev->nh = kcalloc(edev->max_supported, sizeof(*edev->nh), 
GFP_KERNEL);
         if (!edev->nh) {
                 ret = -ENOMEM;
-               device_unregister(&edev->dev);
-               goto err_dev;
+               goto err_alloc_nh;
         }

         for (index = 0; index < edev->max_supported; index++)
@@ -1247,6 +1239,12 @@ int extcon_dev_register(struct extcon_dev *edev)
         dev_set_drvdata(&edev->dev, edev);
         edev->state = 0;

+       ret = device_register(&edev->dev);
+       if (ret) {
+               put_device(&edev->dev);
+               goto err_dev;
+       }
+
         mutex_lock(&extcon_dev_list_lock);
         list_add(&edev->entry, &extcon_dev_list);
         mutex_unlock(&extcon_dev_list_lock);
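Review bot: The reason `device_register()` has to come after `dev_set_drvdata()` is not recorded in the code, so a later reordering could reopen the window in which a sysfs read reaches a handler while the driver data is still NULL. A comment above the call would keep the ordering in place: `/* Register last: sysfs attributes are readable from user space once the device is added, so nh, drvdata and state must already be initialised. */`. The function starts and ends outside this hunk.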
@@ -1254,6 +1252,9 @@ int extcon_dev_register(struct extcon_dev *edev)
         return 0;

  err_dev:
+       if (edev->max_supported)
+               kfree(edev->nh);
+err_alloc_nh:
         if (edev->max_supported)
                 kfree(edev->extcon_dev_type.groups);
  err_alloc_groups:
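Review bot: The `if (edev->max_supported)` guard around `kfree(edev->nh)` at `err_dev` is unnecessary, because `kfree()` accepts both NULL and the zero-size pointer that `kcalloc()` returns for a zero count. A plain `kfree(edev->nh);` is enough here, and the same applies to the `kfree(edev->nh)` added in the `extcon_dev_unregister()` hunk. The unwind labels continue past the end of this hunk.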
@@ -1314,6 +1315,7 @@ void extcon_dev_unregister(struct extcon_dev *edev)
         if (edev->max_supported) {
                 kfree(edev->extcon_dev_type.groups);
                 kfree(edev->cables);
+               kfree(edev->nh);
         }

         put_device(&edev->dev);
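Review bot: Freeing `edev->nh` in `extcon_dev_unregister()` ends the notifier heads' lifetime at the unregister call, whereas the devm allocation it replaces would normally be released only when the last reference to `edev->dev` is dropped. If a consumer can still have a notifier registered, or can reach the notifier unregister path after this point, it would touch freed memory. That is not visible in this hunk and should be checked against the callers. Either confirm that no notifier can outlive this `kfree()`, or clear the pointer afterwards with `edev->nh = NULL;` so that a late access fails visibly rather than reading freed memory. The function begins above the hunk.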



-- 
Best Regards,
Samsung Electronics
Chanwoo Choi
