lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <001e01d859dc$3d4d6870$b7e83950$@samsung.com>
Date:   Wed, 27 Apr 2022 11:12:26 +0900
From:   이범우 <bw365.lee@...sung.com>
To:     "'Chanwoo Choi'" <cwchoi00@...il.com>,
        "'MyungJoo Ham'" <myungjoo.ham@...sung.com>,
        "'Chanwoo Choi'" <cw00.choi@...sung.com>,
        <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] extcon: modify extcon device to be created after driver
 data is set

Hi chanwoo.

Thank you for your review.

Actually, I thought the same thing as you first.
However, it was a problem because dev->devres_lock was not initialized and devm_kcalloc was used, and this patch was created instead of using kcalloc instead of devm_kcalloc.

In your opinion, if I use kcalloc instead of devm_kcalloc, there will be no problem.
But, I think the code of the following part should be supplemented.

1. alloc edev->nh when edev->max_supported is none zero.
@@ -1224,19 +1224,14 @@ int extcon_dev_register(struct extcon_dev *edev)
+       if (edev->max_supported) {
+               edev->nh = kcalloc(edev->max_supported, sizeof(*edev->nh),
+                               GFP_KERNEL);
+               if (!edev->nh) {
+                       ret = -ENOMEM;
+                       goto err_alloc_nh;
+               }
        }
2. free evdev->nh when device unregister.
@@ -1314,6 +1318,7 @@ void extcon_dev_unregister(struct extcon_dev *edev)
        if (edev->max_supported) {
                kfree(edev->extcon_dev_type.groups);
                kfree(edev->cables);
+               kfree(edev->nh);
        }

I will re-raise commit after testing.
Please let me know if you  have additional concern.

Best Regards,
Bumwoo Lee.
-----Original Message-----
From: Chanwoo Choi <cwchoi00@...il.com> 
Sent: Wednesday, April 27, 2022 2:09 AM
To: bumwoo lee <bw365.lee@...sung.com>; MyungJoo Ham <myungjoo.ham@...sung.com>; Chanwoo Choi <cw00.choi@...sung.com>; linux-kernel@...r.kernel.org
Subject: Re: [PATCH] extcon: modify extcon device to be created after driver data is set

Hi Bumwoo,

Firstly, I'm sorry for late replay.

On 22. 3. 31. 12:03, bumwoo lee wrote:
> Currently, someone can invoke the sysfs such as state_show() 
> intermittently before set_drvdata() is done.
> And it can be a cause of kernel Oops because of edev is Null at that time.
> So modified the driver registration to after setting drviver data.
> 
> - Oops's backtrace.
> 
> Backtrace:
> [<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show) 
> [<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show) 
> [<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show) 
> [<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read) 
> [<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read) 
> [<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read) 
> [<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read) [<c0231e34>] 
> (vfs_read) from [<c0232464>] (ksys_read) [<c02323f0>] (ksys_read) from 
> [<c02324fc>] (sys_read) [<c02324e4>] (sys_read) from [<c00091d0>] 
> (__sys_trace_return)
> 
> Signed-off-by: bumwoo lee <bw365.lee@...sung.com>
> ---
>   drivers/extcon/extcon.c | 12 ++++++------
>   1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c index 
> d27cd9f88f86..74fee04bd764 100644
> --- a/drivers/extcon/extcon.c
> +++ b/drivers/extcon/extcon.c
> @@ -1224,18 +1224,13 @@ int extcon_dev_register(struct extcon_dev *edev)
>   		edev->dev.type = &edev->extcon_dev_type;
>   	}
>   
> -	ret = device_register(&edev->dev);
> -	if (ret) {
> -		put_device(&edev->dev);
> -		goto err_dev;
> -	}
> +	device_initialize(&edev->dev);
>   
>   	spin_lock_init(&edev->lock);
>   	edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
>   				sizeof(*edev->nh), GFP_KERNEL);

Actually, I'm not sure that it is proper to use 'edev->dev'
by devm_kcalloc before device_add. When error happen between device_initialize and device_add, I think that it is not properly handled such as free the allocated memory automatically.

>   	if (!edev->nh) {
>   		ret = -ENOMEM;
> -		device_unregister(&edev->dev);
>   		goto err_dev;
>   	}
>   
> @@ -1251,9 +1246,14 @@ int extcon_dev_register(struct extcon_dev *edev)
>   	list_add(&edev->entry, &extcon_dev_list);
>   	mutex_unlock(&extcon_dev_list_lock);
>   
> +	ret = device_add(&edev->dev);
> +	if (ret)
> +		goto err_dev;

On this case, need to delete entry from extcon_dev_list by using list_del.

> +
>   	return 0;
>   
>   err_dev:
> +	put_device(&edev->dev);
>   	if (edev->max_supported)
>   		kfree(edev->extcon_dev_type.groups);
>   err_alloc_groups:


I recommend that move device_register() position after dev_set_drvdata.
And then use kcalloc instead of devm_kcalloc as following:


diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c index d27cd9f88f86..80e5bfec1131 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -1224,19 +1224,11 @@ int extcon_dev_register(struct extcon_dev *edev)
                 edev->dev.type = &edev->extcon_dev_type;
         }

-       ret = device_register(&edev->dev);
-       if (ret) {
-               put_device(&edev->dev);
-               goto err_dev;
-       }
-
         spin_lock_init(&edev->lock);
-       edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
-                               sizeof(*edev->nh), GFP_KERNEL);
+       edev->nh = kcalloc(edev->max_supported, sizeof(*edev->nh),
GFP_KERNEL);
         if (!edev->nh) {
                 ret = -ENOMEM;
-               device_unregister(&edev->dev);
-               goto err_dev;
+               goto err_alloc_nh;
         }

         for (index = 0; index < edev->max_supported; index++) @@ -1247,6 +1239,12 @@ int extcon_dev_register(struct extcon_dev *edev)
         dev_set_drvdata(&edev->dev, edev);
         edev->state = 0;

+       ret = device_register(&edev->dev);
+       if (ret) {
+               put_device(&edev->dev);
+               goto err_dev;
+       }
+
         mutex_lock(&extcon_dev_list_lock);
         list_add(&edev->entry, &extcon_dev_list);
         mutex_unlock(&extcon_dev_list_lock);
@@ -1254,6 +1252,9 @@ int extcon_dev_register(struct extcon_dev *edev)
         return 0;

  err_dev:
+       if (edev->max_supported)
+               kfree(edev->nh);
+err_alloc_nh:
         if (edev->max_supported)
                 kfree(edev->extcon_dev_type.groups);
  err_alloc_groups:
@@ -1314,6 +1315,7 @@ void extcon_dev_unregister(struct extcon_dev *edev)
         if (edev->max_supported) {
                 kfree(edev->extcon_dev_type.groups);
                 kfree(edev->cables);
+               kfree(edev->nh);
         }

         put_device(&edev->dev);



--
Best Regards,
Samsung Electronics
Chanwoo Choi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ