Message-ID: <2a333c2a50c676c461c1e2da5847dd4024099909.camel@sipsolutions.net>
Subject: Re: [RFC] debugfs: protect against rmmod while files are open
From: Johannes Berg
To: linux-kernel@vger.kernel.org
Cc: nstange@suse.de, ap420073@gmail.com, David.Laight@aculab.com, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, gregkh@linuxfoundation.org, rafael@kernel.org
Date: Fri, 09 Oct 2020 12:48:05 +0200
In-Reply-To: <20201009124113.a723e46a677a.Ib6576679bb8db01eb34d3dce77c4c6899c28ce26@changeid> (sfid-20201009_124139_179083_C8D99C3A)
References: <4a58caee3b6b8975f4ff632bf6d2a6673788157d.camel@sipsolutions.net> <20201009124113.a723e46a677a.Ib6576679bb8db01eb34d3dce77c4c6899c28ce26@changeid> (sfid-20201009_124139_179083_C8D99C3A)
X-Mailing-List: linux-wireless@vger.kernel.org

On Fri, 2020-10-09 at 12:41 +0200, Johannes Berg wrote:
> If the fops doesn't have a release method, we don't even need
> to keep a reference to the real_fops, we can just fops_put()
> them already in debugfs remove, and a later full_proxy_release()
> won't call anything anyway - this just crashed/UAFed because it
> used real_fops, not because there was actually a (now invalid)
> release() method.

I actually implemented something a bit better than what I described - we
never need a reference to the real_fops for the release method alone,
and that means if the release method is in the kernel image, rather than
a module, it can still be called.

That together should reduce the ~117 places you changed in the large
patchset to around a handful.

johannes