| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZfIKwFSmw-ACj_jO@slm.duckdns.org>
Date: Wed, 13 Mar 2024 10:21:20 -1000
From: Tejun Heo <tj@...nel.org>
To: Alan Stern <stern@...land.harvard.edu>
Cc: Greg KH <gregkh@...uxfoundation.org>,
Kernel development list <linux-kernel@...r.kernel.org>
Subject: Re: Bug in sysfs_break_active_protection()
Sorry about late reply.
On Mon, Mar 04, 2024 at 02:17:27PM -0500, Alan Stern wrote:
..
> struct kernfs_node *sysfs_break_active_protection(struct kobject *kobj,
> const struct attribute *attr)
> {
> struct kernfs_node *kn;
>
> kobject_get(kobj);
> kn = kernfs_find_and_get(kobj->sd, attr->name);
> if (kn)
> kernfs_break_active_protection(kn);
> return kn;
> }
..
> If kn is NULL then the kobject_get(kobj) reference is never dropped.
> It looks like this could happen if two processes want to unregister the
> same kobject at the same time.
>
> Shouldn't sysfs_break_active_protection() do this?
>
> kobject_get(kobj);
> kn = kernfs_find_and_get(kobj->sd, attr->name);
> if (kn)
> kernfs_break_active_protection(kn);
> + else
> + kobject_put(kobj);
> return kn;
Yeah, I think you're right. It's an obvious ref leak. Would you mind writing
up a patch?
Thank you.
--
tejun
Powered by blists - more mailing lists