| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Ynt0aFMX+z/UhGJ2@infradead.org>
Date: Wed, 11 May 2022 01:31:36 -0700
From: Christoph Hellwig <hch@...radead.org>
To: John Garry <john.garry@...wei.com>
Cc: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
Christoph Hellwig <hch@...radead.org>,
"Ewan D. Milne" <emilne@...hat.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Alim Akhtar <alim.akhtar@...sung.com>,
Avri Altman <avri.altman@....com>,
Doug Gilbert <dgilbert@...erlog.com>,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
james.smart@...adcom.com
Subject: Re: [PATCH 1/4] scsi: core: constify pointer to scsi_host_template
On Mon, May 09, 2022 at 03:50:33PM +0100, John Garry wrote:
> If you check scsi_device_dev_release(), we try to do a 'get' - if it fails,
> then we nullify hostt->module. I think that is important as then we call
> execute_in_process_context(), whose worker does the 'put'. However, the
> 'put' will get upset if the refcnt was 0, which it would be if the earlier
> 'get' fails - hence the nullify is to avoid that possibility. So whatever
> you do needs to handle that. Details are in f2b85040
Yikes, that code is completely and utterly buggy and does not account
for all the cases why try_module_get can fail. I think we always have
a reference here and could use __module_get, but what we have is
certainly unsafe and a good reason why the host template should be
constifyed.
Powered by blists - more mailing lists