Re: [PATCH RFC 1/2] kobject: add return value for kobject_put()

From: Yu Kuai
Date: Tue Oct 18 2022 - 09:12:26 EST




On 2022/10/18 21:00, Greg KH wrote:
> On Tue, Oct 18, 2022 at 09:14:31PM +0800, Yu Kuai wrote:
>> The return value will be used in later patch to fix uaf for slave_dir
>> and bd_holder_dir in block layer.
>
> Then the user will be incorrect, this is not ok, you should never care
> if you are the last "put" on an object at all. Hint, what happens right
> after you call this and get the result?


I tried to reset the pointer to NULL in patch 2 to prevent uaf. And the
whole kobject_put() and pointer reset is protected by a mutex, the mutex
will be used on the reader side before kobject_get as well. So, in fact,
I'm protecting them by the mutex...

I can bypass it by using another reference anyway. But let's see if
anyone has suggestions on the other patch.

> sorry, but NAK.

I know the best way is to refactor the lifecycle of the problematic
bd_holder_dir/slave_dir, however, I gave that up because this seems
quite complicated and influence is very huge...

Thanks,
Kuai

> greg k-h
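
A userspace C model of the locking pattern discussed in this message, added here as an illustration (it is not code from the thread or from the kernel); `struct obj`, `struct holder` and the helper names are hypothetical. It shows a mutex-protected published pointer being cleared and its reference dropped without the put reporting whether it was the last one.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Userspace stand-in for a refcounted kobject; all names are hypothetical. */
struct obj { atomic_int refs; int *released; };
struct holder { pthread_mutex_t lock; struct obj *dir; };

static struct obj *obj_new(int *released) {
    struct obj *o = malloc(sizeof(*o));
    if (!o) return NULL;
    atomic_init(&o->refs, 1);          /* the publisher's own reference */
    o->released = released;
    return o;
}
static struct obj *obj_get(struct obj *o) { atomic_fetch_add(&o->refs, 1); return o; }
/* Returns nothing, like kobject_put(): callers never learn who was last. */
static void obj_put(struct obj *o) {
    if (atomic_fetch_sub(&o->refs, 1) == 1) { *o->released = 1; free(o); }
}
/* Reader: the published pointer is only dereferenced under the lock. */
static struct obj *holder_get_dir(struct holder *h) {
    pthread_mutex_lock(&h->lock);
    struct obj *o = h->dir ? obj_get(h->dir) : NULL;
    pthread_mutex_unlock(&h->lock);
    return o;
}
/* Teardown: unpublish under the lock, then drop the publisher's own
 * reference unconditionally. No "was I last?" answer is needed. */
static void holder_del_dir(struct holder *h) {
    pthread_mutex_lock(&h->lock);
    struct obj *o = h->dir;
    h->dir = NULL;
    pthread_mutex_unlock(&h->lock);
    if (o) obj_put(o);
}
/* Returns 0 when every step behaves as expected, else the failing step. */
int run_scenario(void) {
    int released = 0;
    struct holder h = { PTHREAD_MUTEX_INITIALIZER, obj_new(&released) };
    if (!h.dir) return -1;
    struct obj *reader = holder_get_dir(&h);    /* refs: 2 */
    if (!reader) return 1;
    holder_del_dir(&h);                         /* refs: 1, pointer cleared */
    if (released) return 2;                     /* reader keeps it alive */
    if (holder_get_dir(&h) != NULL) return 3;   /* late readers see NULL */
    obj_put(reader);                            /* refs: 0, freed here */
    return released ? 0 : 4;
}
```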