Message-ID: <20230206155107.qwf5tbrqsbvv4hln@pengutronix.de>
Date:   Mon, 6 Feb 2023 16:51:07 +0100
From:   Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
To:     Wolfram Sang <wsa@...nel.org>, Bartosz Golaszewski <brgl@...ev.pl>,
        linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org,
        Bartosz Golaszewski <bartosz.golaszewski@...aro.org>
Subject: Re: [PATCH v3] i2c: dev: don't allow user-space to deadlock the
 kernel

Hello,

ah, this is the mail I missed before.

On Wed, Jan 25, 2023 at 11:11:59PM +0100, Wolfram Sang wrote:
> 
> > So, this code handled all my stress-testing well so far. I'll try to
> > think of some more ideas until this evening, but likely I will apply it
> > later. Nonetheless, more review eyes are still welcome!
> 
> Ah yes, I now recalled why I had the gut feeling that this solution is
> not complete. See this mail thread from 2015:
> 
> https://lkml.iu.edu/hypermail/linux/kernel/1501.2/01700.html
> 
> There are still drivers using i2c_del_adapter()+kfree(), so removing the
> completion could cause use-after-free there, or?

There is also a strange construct in spi that I understood at one point
in time, but I failed to swap it in quickly. It's about commit
794aaf01444d4e765e2b067cba01cc69c1c68ed9. I think there should be a
nicer solution than to track if the controller was allocated using devm,
but I don't remember the details. But before addressing the i2c problem
it might be worth investing some time into that spi issue to not make
the same mistake for i2c.

Best regards
Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | https://www.pengutronix.de/ |
