b43-dev.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Nicolai Stange <nstange@suse.de>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: David Laight <David.Laight@ACULAB.COM>,
	'Taehee Yoo' <ap420073@gmail.com>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"kuba@kernel.org" <kuba@kernel.org>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	Nicolai Stange <nstange@suse.de>,
	"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
	"wil6210@qti.qualcomm.com" <wil6210@qti.qualcomm.com>,
	"brcm80211-dev-list@cypress.com" <brcm80211-dev-list@cypress.com>,
	"b43-dev@lists.infradead.org" <b43-dev@lists.infradead.org>,
	"linux-bluetooth@vger.kernel.org"
	<linux-bluetooth@vger.kernel.org>
Subject: [PATCH net 000/117] net: avoid to remove module when its debugfs is being used
Date: Fri, 09 Oct 2020 07:09:01 +0200	[thread overview]
Message-ID: <87v9fkgf4i.fsf@suse.de> (raw)
In-Reply-To: <62f6c2bd11ed8b25c1cd4462ebc6db870adc4229.camel@sipsolutions.net> (Johannes Berg's message of "Thu, 08 Oct 2020 18:14:15 +0200")

Johannes Berg <johannes@sipsolutions.net> writes:

> On Thu, 2020-10-08 at 15:59 +0000, David Laight wrote:
>> From: Taehee Yoo
>> > Sent: 08 October 2020 16:49
>> > 
>> > When debugfs file is opened, its module should not be removed until
>> > it's closed.
>> > Because debugfs internally uses the module's data.
>> > So, it could access freed memory.
>> > 
>> > In order to avoid panic, it just sets .owner to THIS_MODULE.
>> > So that all modules will be held when its debugfs file is opened.
>> 
>> Can't you fix it in common code?

Probably not: it's the call to ->release() that's faulting in the Oops
quoted in the cover letter and that one can't be protected by the
core debugfs code, unfortunately.

There's a comment in full_proxy_release(), which reads as

	/*
	 * We must not protect this against removal races here: the
	 * original releaser should be called unconditionally in order
	 * not to leak any resources. Releasers must not assume that
	 * ->i_private is still being meaningful here.
	 */

> Yeah I was just wondering that too - weren't the proxy_fops even already
> intended to fix this?

No, as far as file_operations are concerned, the proxy fops's intent was
only to ensure that the memory the file_operations' ->owner resides in
is still valid so that try_module_get() won't splat at file open
(c.f. [1]).

You're right that the default "full" proxy fops do prevent all
file_operations but ->release() from getting invoked on removed files,
but the motivation had not been to protect the file_operations
themselves, but accesses to any stale data associated with removed files
([2]).


> The modules _should_ be removing the debugfs files, and then the
> proxy_fops should kick in, no?

No, as said, not for ->release(). I haven't looked into the inidividual
patches here, but setting ->owner indeed sounds like the right thing to
do.

But you're right that modules should be removing any left debugfs files
at exit.

Thanks,

Nicolai


[1] 9fd4dcece43a ("debugfs: prevent access to possibly dead
                   file_operations at file open")
[2] 49d200deaa68 ("debugfs: prevent access to removed files' private data")

-- 
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 N?rnberg, Germany
(HRB 36809, AG N?rnberg), GF: Felix Imend?rffer

  parent reply	other threads:[~2020-10-09  5:09 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-08 15:48 [PATCH net 000/117] net: avoid to remove module when its debugfs is being used Taehee Yoo
2020-10-08 15:59 ` David Laight
2020-10-08 16:14   ` Johannes Berg
2020-10-08 16:37     ` Taehee Yoo
2020-10-09  5:38       ` Nicolai Stange
2020-10-09 10:07         ` Taehee Yoo
2020-10-09  5:09     ` Nicolai Stange [this message]
2020-10-09  7:45       ` Johannes Berg
2020-10-09 10:15         ` Taehee Yoo
2020-10-09 10:21           ` Johannes Berg
2020-10-09 15:33             ` Steve deRosier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87v9fkgf4i.fsf@suse.de \
    --to=nstange@suse.de \
    --cc=David.Laight@ACULAB.COM \
    --cc=ap420073@gmail.com \
    --cc=b43-dev@lists.infradead.org \
    --cc=brcm80211-dev-list@cypress.com \
    --cc=davem@davemloft.net \
    --cc=johannes@sipsolutions.net \
    --cc=kuba@kernel.org \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=wil6210@qti.qualcomm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).