diff options
author | Alex Chiang <achiang@hp.com> | 2009-03-13 19:07:36 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-03-25 00:38:26 +0100 |
commit | 669420644c79c207f83fdf9105ae782867e2991f (patch) | |
tree | 668491b3700bcc65e45d5ff9471f6fde5d5743af /Documentation/SecurityBugs | |
parent | Driver core: Fix device_move() vs. dpm list ordering, v2 (diff) | |
download | linux-669420644c79c207f83fdf9105ae782867e2991f.tar.xz linux-669420644c79c207f83fdf9105ae782867e2991f.zip |
sysfs: only allow one scheduled removal callback per kobj
The only way for a sysfs attribute to remove itself (without
deadlock) is to use the sysfs_schedule_callback() interface.
Vegard Nossum discovered that a poorly written sysfs ->store
callback can repeatedly schedule remove callbacks on the same
device over and over, e.g.
$ while true ; do echo 1 > /sys/devices/.../remove ; done
If the 'remove' attribute uses the sysfs_schedule_callback API
and also does not protect itself from concurrent accesses, its
callback handler will be called multiple times, and will
eventually attempt to perform operations on a freed kobject,
leading to many problems.
Instead of requiring all callers of sysfs_schedule_callback to
implement their own synchronization, provide the protection in
the infrastructure.
Now, sysfs_schedule_callback will only allow one scheduled
callback per kobject. On subsequent calls with the same kobject,
return -EAGAIN.
This is a short term fix. The long term fix is to allow sysfs
attributes to remove themselves directly, without any of this
callback hokey pokey.
[cornelia.huck@de.ibm.com: s390 ccwgroup bits]
Reported-by: vegard.nossum@gmail.com
Signed-off-by: Alex Chiang <achiang@hp.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'Documentation/SecurityBugs')
0 files changed, 0 insertions, 0 deletions