| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ac02a348-8caa-4f99-a982-cb71695b3887@icloud.com> Date: Thu, 26 Jun 2025 22:54:41 +0800 From: Zijun Hu <zijun_hu@...oud.com> To: Thadeu Lima de Souza Cascardo <cascardo@...lia.com> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org, Zijun Hu <zijun.hu@....qualcomm.com> Subject: Re: [PATCH RFC] char: misc: Enforce simple minor space division On 2025/6/26 20:37, Thadeu Lima de Souza Cascardo wrote: >> drivers/misc/misc_minor_kunit.c may need to be corrected to reflecting >> division today. >> > Correct, those added tests do not enforce that one cannot register a static > minor above MISC_DYNAMIC_MINOR. > > However, to some extent [1], it tests that a MISC_DYNAMIC_MINOR allocation > will not return a number in the range of the static numbers. See > miscdev_test_dynamic_only_range. > > It also tests that if a dynamic minor is allocated and one tries to > allocate that same number statically, it will fail. It also tries [2] to > test the other way around. That is, if one minor was statically allocate in > the dynamic range, that a dynamic allocation will not return that same > number. > > Those tests, named miscdev_test_conflict and miscdev_test_conflict_reverse > were written considering the current implementation, which allows for > static allocations in the "dynamic range". > > If we are going to change that, you need to change the tests too. > agree. > I would suggest applying only the last hunk of your patched > drivers/char/misc.c with a separate commit. Then, when misc_deregister agree. > would be called the minor would be restored. However, since statically > allocating a minor above 255 would still be allowed, it could "restore" it > wrongly. > now. will disallow statically allocating a minor above 255 since below disadvantages: 1) if the minor was requested by other dynamic request. requesting a fixed minor which > 255 will be failed. 2) both fixed minors and dynamic minors interleave int the same space. > As Greg has observed, if there is no known case in the kernel where minor > is not set to MISC_DYNAMIC_MINOR by the driver before it calls > misc_register a second time, then there is nothing to fix here. If there > is such a case, then the driver must be fixed. It has always been the case, > even when the ranges were different, that the minor needed to be reset to > MISC_DYNAMIC_MINOR before calling misc_register after misc_deregister has > been called. > this patch is to solve such reentry issue. > As you point out, when misc_register fails, it already restores the minor > number. > > Let me know if you want to proceed with this change and need help with the > test case. I may be slow to respond since I am going on vacation. > I will split this RFC patch and modify test cases. welcome to get your comments at any time. thank you (^^). > Regards. > Cascardo. > > > [1] To some extent, because due to the large dynamic range, it only tries > allocating 256 dynamic minors. And only verifies numbers below 16 are not > returned, because that was the bug that existed before. > > [2] Tries, because due to the large dynamic range, instead of allocating > all numbers, it just assumes that the allocator would give the first > number, but it also picks that "first" number by doing a dynamic allocation > and freeing it.
Powered by blists - more mailing lists