lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4165774b-2b96-83d1-67eb-f7c49dd8041e@opensource.cirrus.com>
Date:   Tue, 26 Jul 2022 11:32:28 +0100
From:   Richard Fitzgerald <rf@...nsource.cirrus.com>
To:     Greg KH <gregkh@...uxfoundation.org>
CC:     <rafael@...nel.org>, <dri-devel@...ts.freedesktop.org>,
        <linux-kernel@...r.kernel.org>, <patches@...nsource.cirrus.com>
Subject: Re: [PATCH] component: try_module_get() to prevent unloading while in
 use

On 25/07/2022 19:09, Greg KH wrote:
> On Mon, Jul 25, 2022 at 05:08:59PM +0100, Richard Fitzgerald wrote:
>> Call try_module_get() on a component before attempting to call its
>> bind() function, to ensure that a loadable module cannot be
>> unloaded while we are executing its bind().
> 
> How can bind be called while the module is unloaded?
> 

I didn't say it could. What I said is "unloaded while we are executing
its bind()". Maybe that's already guaranteed to be safe somehow. It's
actually the problem below that I was trying to fix but placing the
try_module_get() before the bind() rather than after bind() seemed a
trivial extra safety.

>> If the bind is successful the module_put() is called only after it
>> has been unbound. This ensures that the module cannot be unloaded
>> while it is in use as an aggregate device.
> 
> That's almost never the correct thing to do, what problem is this
> solving?
> 

What I see is that when a loadable module has been made part of an
aggregate it is still possible to rmmod'd it.

An alternative workaround would be for the parent to softdep to every
driver that _might_ provide the aggregated components. Softdeps aren't
unusual (we use it in some drivers that are directly related but don't
directly link into each other). But to me this feels like a hack when
used with the component framework - isn't the idea that the parent
doesn't know (or doesn't need to know) which drivers will be aggregated?
Wouldn't it be better that when a component driver is bound into an
aggregate its module is automatically marked in-use?

If there's a better way to mark the module in-use while is it bound
into an aggregate, let me know and I'll look at implementing it.

> thanks,
> 
> greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ