lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 9 Oct 2020 08:34:14 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Johannes Berg' <johannes@...solutions.net>,
        Greg KH <gregkh@...uxfoundation.org>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "nstange@...e.de" <nstange@...e.de>,
        "ap420073@...il.com" <ap420073@...il.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "rafael@...nel.org" <rafael@...nel.org>
Subject: RE: [CRAZY-RFF] debugfs: track open files and release on remove

From: Johannes Berg
> Sent: 09 October 2020 09:19
> 
> On Fri, 2020-10-09 at 10:16 +0200, Greg KH wrote:
> > On Fri, Oct 09, 2020 at 10:06:14AM +0200, Johannes Berg wrote:
> > > We used to say the proxy_fops weren't needed and it wasn't an issue, and
> > > then still implemented it. Dunno. I'm not really too concerned about it
> > > myself, only root can hold the files open and remove modules ...
> >
> > proxy_fops were needed because devices can be removed from the system at
> > any time, causing their debugfs files to want to also be removed.  It
> > wasn't because of unloading kernel code.
> 
> Indeed, that's true. Still, we lived with it for years.
> 
> Anyway, like I said, I really just did this more to see that it _could_
> be done, not to suggest that it _should_ :-)
> 
> I think adding the .owner everywhere would be good, and perhaps we can
> somehow put a check somewhere like
> 
> 	WARN_ON(is_module_address((unsigned long)fops) && !fops->owner);
> 
> to prevent the issue in the future?

Does it ever make any sense to set .owner to anything other than
THIS_MODULE?

If not the code that saves the 'struct file_operations' address
ought to be able to save the associated module.

I was also wondering if this affects normal opens?
They should hold a reference on the module to stop it being unloaded.
Does that rely on .owner being set?

For debugfs surely it is possible to determine and save THIS_MODULE
when he nodes are registers and do a try_module_get() in the open?

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists