[procfs] Questions regarding proc_mkdir, proc_create, and possible bugs there.

Serge Kuznetsov (sk@deeptown.org)
Thu, 14 Nov 2002 11:28:19 -0500


Hi guys,

I've got a headache when I trying to understand why it's a common practice to use calls for proc_mkdir, like that:

proc_mkdir ( "drivers/superdriver", 0 ); ?

In proc_mkdir it unwraps to

ent = proc_create ( &0, &"drivers/superdriver", (S_IFDIR | S_IRUGO | S_IXUGO),2);

and in proc_create it works like:

/* skip some code */

if (!(*(&0)) && xlate_proc_name(name, &0, &fn) != 0)
goto out;

/* skip the rest */

I can understand what by address 0x00000000 ( in kernel space ) it suppose to be some value ( GIDT[0] if I am not wrong ), but it's quite dangerous to use this practice.

Correct me if I am wrong.

PS: In xlate_proc_entry parent is not being checks for NULL but just stores the result, and it can happen SEGFAULT there.

PPS: BTW, I tested my module, and maid insmod/rmmod every time, I found when module_init called mkdir_every time I do insmod, in /proc dir created the new duplicate subdir with absolutely the same name, and it grows when I do insmod/rmmod but forget to call remove_proc_entry. I think the issue in xlate_proc_name and NULL pointer.

PPPS: Now I am testing the patch for it.

All the Best!
Serge.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/