lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20241019125041.5e85dcce@jic23-huawei>
Date: Sat, 19 Oct 2024 12:50:41 +0100
From: Jonathan Cameron <jic23@...nel.org>
To: Matteo Martelli <matteomartelli3@...il.com>
Cc: Sebastian Reichel <sebastian.reichel@...labora.com>, Lars-Peter Clausen
 <lars@...afoo.de>, Michael Hennerich <Michael.Hennerich@...log.com>,
 Alisa-Dariana Roman <alisa.roman@...log.com>, Christian Eggers
 <ceggers@...i.de>, Peter Rosin <peda@...ntia.se>, Paul Cercueil
 <paul@...pouillou.net>, linux-iio@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-mips@...r.kernel.org,
 linux-pm@...r.kernel.org
Subject: Re: [PATCH v3 2/5] iio: consumers: copy/release available info from
 producer to fix race

On Thu, 17 Oct 2024 12:49:23 +0200
Matteo Martelli <matteomartelli3@...il.com> wrote:

> Quoting Sebastian Reichel (2024-10-16 23:08:30)
> > Hi,
> > 
> > On Tue, Oct 15, 2024 at 01:06:35PM +0200, Matteo Martelli wrote:  
> > > Consumers need to call the producer's read_avail_release_resource()
> > > callback after reading producer's available info. To avoid a race
> > > condition with the producer unregistration, change inkern
> > > iio_channel_read_avail() so that it copies the available info from the
> > > producer and immediately calls its release callback with info_exists
> > > locked.
> > > 
> > > Also, modify the users of iio_read_avail_channel_raw() and
> > > iio_read_avail_channel_attribute() to free the copied available buffers
> > > after calling these functions.
> > > 
> > > Signed-off-by: Matteo Martelli <matteomartelli3@...il.com>
> > > ---
> > > diff --git a/drivers/power/supply/ingenic-battery.c b/drivers/power/supply/ingenic-battery.c
> > > index 0a40f425c27723ccec49985b8b5e14a737b6a7eb..3db000d9fff9a7a6819631314547b3d16db7f967 100644
> > > --- a/drivers/power/supply/ingenic-battery.c
> > > +++ b/drivers/power/supply/ingenic-battery.c
> > > @@ -12,6 +12,7 @@
> > >  #include <linux/platform_device.h>
> > >  #include <linux/power_supply.h>
> > >  #include <linux/property.h>
> > > +#include <linux/slab.h>
> > >  
> > >  struct ingenic_battery {
> > >       struct device *dev;
> > > @@ -79,8 +80,10 @@ static int ingenic_battery_set_scale(struct ingenic_battery *bat)
> > >               dev_err(bat->dev, "Unable to read channel avail scale\n");
> > >               return ret;
> > >       }
> > > -     if (ret != IIO_AVAIL_LIST || scale_type != IIO_VAL_FRACTIONAL_LOG2)
> > > -             return -EINVAL;
> > > +     if (ret != IIO_AVAIL_LIST || scale_type != IIO_VAL_FRACTIONAL_LOG2) {
> > > +             ret = -EINVAL;
> > > +             goto out;
> > > +     }
> > >  
> > >       max_mV = bat->info->voltage_max_design_uv / 1000;
> > >  
> > > @@ -99,7 +102,8 @@ static int ingenic_battery_set_scale(struct ingenic_battery *bat)
> > >  
> > >       if (best_idx < 0) {
> > >               dev_err(bat->dev, "Unable to find matching voltage scale\n");
> > > -             return -EINVAL;
> > > +             ret = -EINVAL;
> > > +             goto out;
> > >       }
> > >  
> > >       /* Only set scale if there is more than one (fractional) entry */
> > > @@ -109,10 +113,13 @@ static int ingenic_battery_set_scale(struct ingenic_battery *bat)
> > >                                                 scale_raw[best_idx + 1],
> > >                                                 IIO_CHAN_INFO_SCALE);
> > >               if (ret)
> > > -                     return ret;
> > > +                     goto out;
> > >       }
> > >  
> > > -     return 0;
> > > +     ret = 0;
> > > +out:
> > > +     kfree(scale_raw);
> > > +     return ret;
> > >  }
> > >  
> > >  static enum power_supply_property ingenic_battery_properties[] = {  
> > 
> > It should be enough to declare scale_raw like this at the beginning
> > of the function and otherwise keep it as is when you include
> > <linux/cleanup.h>:
> > 
> > const int *scale_raw __free(kfree) = NULL;  
> 
> Nice! I wasn't aware of it, thanks! I'll try it and submit it in next version.
> 
> I think that also fits for the similar usage in iio_channel_read_min() and
> iio_channel_read_max() as well.

Take care with this + read the documents.
The constructor and destructor should be in one line.
https://lore.kernel.org/all/172294149613.2215.3274492813920223809.tip-bot2@tip-bot2/
specifically the second to last line.

It's a clever tool but use with care!

Jonathan


> 
> > 
> > Greetings,
> > 
> > -- Sebastian  
> 
> Thanks,
> Matteo Martelli

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ