lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <b3eda642-f181-de6c-9975-42ce3e149db3@outbound.gmail.com>
Date: Tue, 11 Mar 2025 19:23:20 +0200
From: Eli Billauer <eli.billauer@...il.com>
To: Ma Ke <make24@...as.ac.cn>, arnd@...db.de, gregkh@...uxfoundation.org
Cc: linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
 stable@...r.kernel.org
Subject: Re: [PATCH v2] char: xillybus: Fix error handling in
 xillybus_init_chrdev()

Hello,

In what way is this better? cdev_del() calls cdev_unmap() to undo the 
mapping that a successful call to cdev_add() performs, but that's 
unnecessary, because the whole point is that the latter failed. And then 
cdev_del() calls kobject_put(), and then returns.

So the existing code calls kobject_put() directly, achieving the same 
effect. It's a matter of coding style. Which is better? I don't know.

What is the common convention in the kernel? Not clear either. For 
example, in fs/fuse/cuse.c a failure of cdev_add() leads to a call to 
cdev_del(), like you suggested. However, in uio/uio.c the same scenario 
is handled by a call to kobject_put(), exactly as in my driver.

Has this topic been discussed in the past? Any decision made?

Besides, if we remove the call to kobject_put(), so should the comment 
explaining it.

Regards,
    Eli

On 11/03/2025 3:39, Ma Ke wrote:
> After cdev_alloc() succeed and cdev_add() failed, call cdev_del() to
> remove unit->cdev from the system properly.
> 
> Found by code review.
> 
> Cc: stable@...r.kernel.org
> Fixes: 8cb5d216ab33 ("char: xillybus: Move class-related functions to new xillybus_class.c")
> Signed-off-by: Ma Ke <make24@...as.ac.cn>
> ---
> Changes in v2:
> - modified the patch as suggestions to avoid UAF.
> ---
>   drivers/char/xillybus/xillybus_class.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/char/xillybus/xillybus_class.c b/drivers/char/xillybus/xillybus_class.c
> index c92a628e389e..356af6551b0d 100644
> --- a/drivers/char/xillybus/xillybus_class.c
> +++ b/drivers/char/xillybus/xillybus_class.c
> @@ -104,8 +104,7 @@ int xillybus_init_chrdev(struct device *dev,
>   	if (rc) {
>   		dev_err(dev, "Failed to add cdev.\n");
>   		/* kobject_put() is normally done by cdev_del() */
> -		kobject_put(&unit->cdev->kobj);
> -		goto unregister_chrdev;
> +		goto err_cdev;
>   	}
>   
>   	for (i = 0; i < num_nodes; i++) {
> @@ -157,6 +156,7 @@ int xillybus_init_chrdev(struct device *dev,
>   		device_destroy(&xillybus_class, MKDEV(unit->major,
>   						     i + unit->lowest_minor));
>   
> +err_cdev:
>   	cdev_del(unit->cdev);
>   
>   unregister_chrdev:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ