| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Apr 2023 11:27:30 -0700
From: Luis Chamberlain <mcgrof@...nel.org>
To: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>,
Scott Branden <sbranden@...adcom.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Russ Weight <russell.h.weight@...el.com>,
linux-kernel@...r.kernel.org,
Tianfei zhang <tianfei.zhang@...el.com>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
Zhengchao Shao <shaozhengchao@...wei.com>,
Colin Ian King <colin.i.king@...il.com>,
Takashi Iwai <tiwai@...e.de>,
Kees Cook <keescook@...omium.org>,
Dan Carpenter <error27@...il.com>,
Vincenzo Palazzo <vincenzopalazzodev@...il.com>
Subject: Re: [PATCH RESEND v4 1/1] test_firmware: fix some memory leaks and
racing conditions
On Fri, Apr 21, 2023 at 08:52:06PM +0200, Mirsad Goran Todorovac wrote:
> Some functions were called both from locked and unlocked context, so
> the lock was dropped prematurely, introducing a race condition when
> deadlock was avoided.
>
> Having two locks wouldn't assure a race-proof mutual exclusion.
>
> __test_dev_config_update_bool(), __test_dev_config_update_u8() and
> __test_dev_config_update_size_t() unlocked versions of the functions
> were introduced to be called from the locked contexts as a workaround
> without releasing the main driver's lock and causing a race condition.
>
> This should guarantee mutual exclusion and prevent any race conditions.
>
> Locked versions simply allow for mutual exclusion and call the unlocked
> counterparts, to avoid duplication of code.
>
> trigger_batched_requests_store() and trigger_batched_requests_async_store()
> now return -EBUSY if called with test_fw_config->reqs already allocated,
> so the memory leak is prevented.
>
> The same functions now keep track of the allocated buf for firmware in
> req->fw_buf as release_firmware() will not deallocate this storage for us.
>
> Additionally, in __test_release_all_firmware(), req->fw_buf is released
> before calling release_firmware(req->fw),
> foreach test_fw_config->reqs[i], i = 0 .. test_fw_config->num_requests-1
>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Cc: Luis Chamberlain <mcgrof@...nel.org>
> Cc: Russ Weight <russell.h.weight@...el.com>
> Cc: Tianfei zhang <tianfei.zhang@...el.com>
> Cc: Christophe JAILLET <christophe.jaillet@...adoo.fr>
> Cc: Zhengchao Shao <shaozhengchao@...wei.com>
> Cc: Colin Ian King <colin.i.king@...il.com>
> Cc: linux-kernel@...r.kernel.org
> Cc: Takashi Iwai <tiwai@...e.de>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Scott Branden <sbranden@...adcom.com>
> Cc: Luis R. Rodriguez <mcgrof@...nel.org>
> Suggested-by: Dan Carpenter <error27@...il.com>
> Signed-off-by: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
Mirad, thanks for this work, good stuff! So the patch just needs to be
adjust with:
Fixes: 7feebfa487b92 ("test_firmware: add support for request_firmware_into_buf"
Cc: stable@...r.kernel.org # v5.4
Then, can you split the patch in two, one which fixes the memory leaks
and another that deals with the mutexes. The second patch might be a fix
for the original code but I can't tell until I see the changes split out.
The commit log should account for the memory leak and be clear how it
happens. The other commit log for the second patch should clarify what
it fixes and why as well.
Luis
Powered by blists - more mailing lists