lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZEgbkoSjHcVLcCcp@bombadil.infradead.org>
Date:   Tue, 25 Apr 2023 11:27:30 -0700
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>,
        Scott Branden <sbranden@...adcom.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Russ Weight <russell.h.weight@...el.com>,
        linux-kernel@...r.kernel.org,
        Tianfei zhang <tianfei.zhang@...el.com>,
        Christophe JAILLET <christophe.jaillet@...adoo.fr>,
        Zhengchao Shao <shaozhengchao@...wei.com>,
        Colin Ian King <colin.i.king@...il.com>,
        Takashi Iwai <tiwai@...e.de>,
        Kees Cook <keescook@...omium.org>,
        Dan Carpenter <error27@...il.com>,
        Vincenzo Palazzo <vincenzopalazzodev@...il.com>
Subject: Re: [PATCH RESEND v4 1/1] test_firmware: fix some memory leaks and
 racing conditions

On Fri, Apr 21, 2023 at 08:52:06PM +0200, Mirsad Goran Todorovac wrote:
> Some functions were called both from locked and unlocked context, so
> the lock was dropped prematurely, introducing a race condition when
> deadlock was avoided.
> 
> Having two locks wouldn't assure a race-proof mutual exclusion.
> 
> __test_dev_config_update_bool(), __test_dev_config_update_u8() and
> __test_dev_config_update_size_t() unlocked versions of the functions
> were introduced to be called from the locked contexts as a workaround
> without releasing the main driver's lock and causing a race condition.
> 
> This should guarantee mutual exclusion and prevent any race conditions.
> 
> Locked versions simply allow for mutual exclusion and call the unlocked
> counterparts, to avoid duplication of code.
> 
> trigger_batched_requests_store() and trigger_batched_requests_async_store()
> now return -EBUSY if called with test_fw_config->reqs already allocated,
> so the memory leak is prevented.
> 
> The same functions now keep track of the allocated buf for firmware in
> req->fw_buf as release_firmware() will not deallocate this storage for us.
> 
> Additionally, in __test_release_all_firmware(), req->fw_buf is released
> before calling release_firmware(req->fw),
> foreach test_fw_config->reqs[i], i = 0 .. test_fw_config->num_requests-1
> 
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> 
> Cc: Luis Chamberlain <mcgrof@...nel.org> 
> Cc: Russ Weight <russell.h.weight@...el.com> 
> Cc: Tianfei zhang <tianfei.zhang@...el.com> 
> Cc: Christophe JAILLET <christophe.jaillet@...adoo.fr> 
> Cc: Zhengchao Shao <shaozhengchao@...wei.com> 
> Cc: Colin Ian King <colin.i.king@...il.com> 
> Cc: linux-kernel@...r.kernel.org 
> Cc: Takashi Iwai <tiwai@...e.de>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Scott Branden <sbranden@...adcom.com>
> Cc: Luis R. Rodriguez <mcgrof@...nel.org>
> Suggested-by: Dan Carpenter <error27@...il.com>
> Signed-off-by: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>

Mirad, thanks for this work, good stuff! So the patch just needs to be
adjust with:

Fixes: 7feebfa487b92 ("test_firmware: add support for request_firmware_into_buf"
Cc: stable@...r.kernel.org # v5.4

Then, can you split the patch in two, one which fixes the memory leaks
and another that deals with the mutexes. The second patch might be a fix
for the original code but I can't tell until I see the changes split out.

The commit log should account for the memory leak and be clear how it
happens. The other commit log for the second patch should clarify what
it fixes and why as well.

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ