lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 6 Jan 2023 13:42:58 +0100
From:   Jiri Pirko <jiri@...nulli.us>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     davem@...emloft.net, netdev@...r.kernel.org, edumazet@...gle.com,
        pabeni@...hat.com, jacob.e.keller@...el.com
Subject: Re: [PATCH net-next 5/9] devlink: remove the registration guarantee
 of references

Fri, Jan 06, 2023 at 07:33:58AM CET, kuba@...nel.org wrote:
>The objective of exposing the devlink instance locks to
>drivers was to let them use these locks to prevent user space
>from accessing the device before it's fully initialized.
>This is difficult because devlink_unregister() waits for all
>references to be released, meaning that devlink_unregister()
>can't itself be called under the instance lock.
>
>To avoid this issue devlink_register() was moved after subobject
>registration a while ago. Unfortunately the netdev paths get
>a hold of the devlink instances _before_ they are registered.
>Ideally netdev should wait for devlink init to finish (synchronizing
>on the instance lock). This can't work because we don't know if the
>instance will _ever_ be registered (in case of failures it may not).
>The other option of returning an error until devlink_register()
>is called is unappealing (user space would get a notification
>netdev exist but would have to wait arbitrary amount of time
>before accessing some of its attributes).
>
>Weaken the guarantees of the devlink references.
>
>Holding a reference will now only guarantee that the memory
>of the object is around. Another way of looking at it is that
>the reference now protects the object not its "registered" status.
>Use devlink instance lock to synchronize unregistration.
>
>This implies that releasing of the "main" reference of the devlink
>instance moves from devlink_unregister() to devlink_free().
>
>Reviewed-by: Jacob Keller <jacob.e.keller@...el.com>
>Signed-off-by: Jakub Kicinski <kuba@...nel.org>

Reviewed-by: Jiri Pirko <jiri@...dia.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ