Re: ioctl32_unregister_conversion & modules

Pavel Machek (pavel@ucw.cz)
Fri, 9 May 2003 17:24:36 +0200


Hi!

> > ...what is the problem?
> >
> > It seems that function pointers into modules do not need any special
> > treatmeant [I *know* there was talk about this on l-k; but I can't
> > find anything in Documentation/]:
> >
> > if (!capable(CAP_SYS_ADMIN))
> > return -EACCES;
> > if (disk->fops->ioctl) {
> > ret = disk->fops->ioctl(inode, file, cmd, arg);
> > if (ret != -EINVAL)
> > return ret;
> > }
>
> This is protected against unload by the reference counting done in
> open()/release(). ->ioctl() can be called only for open devices,
> so you know the ioctl handler is not getting unloaded while it
> is running.
>
> > So... what's the problem with {un}register_ioctl32_conversion being
> > called from module_init/module_exit? Drivers in the tree do it
> > already...
>
> The problem is that when the conversion handler is called, the reference
> counting is only done for the module listed as ->owner in the
> file operations. For example in the patch you submitted to add
> register_ioctl32_conversion() to drivers/serial/core.c I see nothing
> stopping you from unloading core.ko while the handler is running
> on a device owned by drivers/char/cyclades.c or any other serial driver.
> It does not even have to be run on a serial driver, a user might try
> to do ioctl(TIOCGSERIAL, ...) on a regular file...

Oh.... Yep, that's pretty clear.

So what you are saying is that all existing
register_ioctl32_conversion-s that are in unloadable module are
broken. Ouch.

Fixing that would require resgister_ioctl32_conversion() to have 3-rd
parameter "this module" and some magic inside fs/compat_ioctl.c,
right?

Pavel

-- 
When do you have a heart between your knees?
[Johanka's followup: and *two* hearts?]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/