On Tue, Oct 05, 2021 at 01:57:00PM -0700, Kees Cook wrote:
> On Mon, Sep 27, 2021 at 09:38:05AM -0700, Luis Chamberlain wrote:
> > The ATTRIBUTE_GROUPS is typically used to avoid boilerplate code which is used in many drivers. Embracing ATTRIBUTE_GROUPS was long due on the zram driver, however a recent fix for sysfs allows users of ATTRIBUTE_GROUPS to also associate a module to the group attribute.
>
> Does this mean that other modules using sysfs but _not_ ATTRIBUTE_GROUPS() are still vulnerable to potential use-after-free of the kernfs fops?

The issue is not UAF, it's the possible deadlock, but in that sense, yes. If they don't use ATTRIBUTE_GROUPS() then there is no information being provided to sysfs about the module owner.

Luis