From: Jason Gunthorpe <jgg@ziepe.ca>
To: Kees Cook <keescook@chromium.org>
Cc: Nathan Chancellor <nathan@kernel.org>,
Doug Ledford <dledford@redhat.com>,
Leon Romanovsky <leon@kernel.org>,
Parav Pandit <parav@nvidia.com>,
Sami Tolvanen <samitolvanen@google.com>,
linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org,
clang-built-linux@googlegroups.com
Subject: Re: CFI violation in drivers/infiniband/core/sysfs.c
Date: Fri, 2 Apr 2021 20:30:18 -0300 [thread overview]
Message-ID: <20210402233018.GA7721@ziepe.ca> (raw)
In-Reply-To: <202104021555.08B883C7@keescook>
On Fri, Apr 02, 2021 at 04:03:30PM -0700, Kees Cook wrote:
> > relevant. It seems to me that the hw_counters 'struct attribute_group'
> > should probably be its own kobj within both of these structures so they
> > can have their own sysfs ops (unless there is some other way to do this
> > that I am missing).
Err, yes, every subclass of the attribute should be accompanied by a
distinct kobject type to relay the show methods with typesafety, this
is how this design pattern is intended to be used.
If I understand your report properly the hw_stats_attribute is being
assigned to a 'port_type' kobject and it only works by pure luck because
the show/store happens to overlap between port and hsa attributes?
> > I would appreciate someone else taking a look and seeing if I am off
> > base or if there is an easier way to solve this.
>
> So, it seems that the reason for a custom kobj_type here is to use the
> .release callback.
Every kobject should be associated with a specific, fixed, attribute
type. The purpose of the wrappers is to inject type safety so the
attribute implementations know they are working on the right stuff.
In turn, an attribute of a specific attribute type can only be
injected into a kobject that has the matching type.
This code is insane because it does this:
hsag->attrs[i] = alloc_hsa(i, port_num, stats->names[i]);
// This is port kobject
struct kobject *kobj = &port->kobj;
ret = sysfs_create_group(kobj, hsag);
[..]
// This is a struct device kobject
struct kobject *kobj = &device->dev.kobj;
ret = sysfs_create_group(kobj, hsag);
Which is absolutely not allowed, you can't have a generic attribute
handler and stuff it into two different types! Things MUST use the
proper attribute subclass for what they are being attached to.
The answer is that the setup_hw_stats_() for port and device must
be split up and the attribute implementations for each of them have to
subclass starting from the correct type.
So we'd end up with two attributes for hw_stats
struct port_hw_stats {
struct port_attr attr;
struct hw_stats_data data;
};
struct device_hw_stats {
struct device_attr attr;
struct hw_stats_data data;
};
And then two show/set functions that bounce through the correct types
to the data.
And so on.
Jason
next prev parent reply other threads:[~2021-04-02 23:30 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-02 19:52 CFI violation in drivers/infiniband/core/sysfs.c Nathan Chancellor
2021-04-02 23:03 ` Kees Cook
2021-04-02 23:30 ` Jason Gunthorpe [this message]
2021-04-03 1:29 ` Kees Cook
2021-04-04 13:57 ` Jason Gunthorpe
2021-05-05 16:26 ` Greg KH
2021-05-05 17:29 ` Jason Gunthorpe
2021-05-05 17:39 ` Greg KH
2021-04-03 6:55 ` Nathan Chancellor
2021-05-04 20:22 ` Jason Gunthorpe
2021-05-05 16:26 ` Greg KH
2021-05-05 20:08 ` Nathan Chancellor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210402233018.GA7721@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=clang-built-linux@googlegroups.com \
--cc=dledford@redhat.com \
--cc=keescook@chromium.org \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=nathan@kernel.org \
--cc=parav@nvidia.com \
--cc=samitolvanen@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox