Re: [PATCH v2] char: xillybus: Prevent use-after-free due to race condition

From: Eli Billauer
Date: Sun Oct 30 2022 - 14:56:43 EST

Next message: Philipp Hortmann: "Re: [PATCH v2 00/13] staging: r8188eu: clean up action frame handlers"
Previous message: Nadav Amit: "Re: [PATCH v2] hugetlb: don't delete vma_lock in hugetlb MADV_DONTNEED processing"
In reply to: Alan Stern: "Re: [PATCH v2] char: xillybus: Prevent use-after-free due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 30/10/2022 18:23, Alan Stern wrote:

It looks like the xillybus driver already has a private mutex that would
have been very well suited for this task: unit_mutex defined in
xillybus_class.c.

Indeed so. The problem is that unit_mutex is global to xillybus_class.c, and I need the mutex to be released in xillyusb.c: The kref counter, which needs to be incremented with a mutex held, is inside a structure that only the XillyUSB driver knows about, so xillybus_class can't do that. Which is why xillybus_find_inode() passed a pointer to unit_mutex to its caller in the v1 version of this patch. But that turned out to be too odd.

Of course, there's nothing wrong with using a new
mutex instead -- just make sure there aren't any ABBA locking order
problems.

The kref_mutex is always taken with no other (Xillybus-related) mutex taken. So the locking order is assured.

But thanks for the reminder. Never hurts checking again.

Regards,
Eli

Next message: Philipp Hortmann: "Re: [PATCH v2 00/13] staging: r8188eu: clean up action frame handlers"
Previous message: Nadav Amit: "Re: [PATCH v2] hugetlb: don't delete vma_lock in hugetlb MADV_DONTNEED processing"
In reply to: Alan Stern: "Re: [PATCH v2] char: xillybus: Prevent use-after-free due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]