| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Feb 2010 21:48:08 -0800 From: Greg KH <greg@...ah.com> To: Markus Rechberger <mrechberger@...il.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, linux-usb@...r.kernel.org, werner@...ane.dyn-o-saur.com, Marcus Meissner <meissner@...e.de>, linux-kernel@...r.kernel.org Subject: Re: 2.6.33 bugs (USBFS, Intel graphic) On Sat, Feb 27, 2010 at 06:38:09AM +0100, Markus Rechberger wrote: > On Sat, Feb 27, 2010 at 6:26 AM, Greg KH <greg@...ah.com> wrote: > > On Fri, Feb 26, 2010 at 09:17:37PM -0800, Greg KH wrote: > >> On Sat, Feb 27, 2010 at 05:34:27AM +0100, Markus Rechberger wrote: > >> > On Sat, Feb 27, 2010 at 5:29 AM, Linus Torvalds > >> > <torvalds@...ux-foundation.org> wrote: > >> > > > >> > > > >> > > On Fri, 26 Feb 2010, Greg KH wrote: > >> > >> > >> > >> Yes, and that patch didn't touch the iso frames. ?That happens later on > >> > >> in the functions that were modified. ?The patch should not have had any > >> > >> affect on iso transfers. ?Unless I'm missing something? > >> > > > >> > > Hmm. What seems to happen is that for an isochronous transfer, the buffer > >> > > is split for each microframe. No? > >> > > > >> > > >> > exactly. and each microframe has its own buffer length identifier. > >> > > >> > the current behaviour breaks VMware, QEMU and virtualbox .. probably > >> > other things too. > >> > > >> > > >> > > So the total length may be in 'urb->actual_length', but the actual data in > >> > > the buffer may not be contiguous, because it's created from multiple > >> > > smaller frames, some of which might not be full length? > >> > > > >> > > >> > yes, it's only contiguous for BULK. > >> > > >> > > I dunno. That would explain the problem - actual_length is correct, but > >> > > the 'copy_to_user()' still doesn't copy all the data, because it's > >> > > fragmented. > >> > > > >> > > >> > no you got it, but your patch does not work. The best way would be to > >> > revert it if someone wants to speed up BULK it should go down another > >> > path, leaving the old working implementation untouched. > >> > >> Hm, so it's back to the original idea of just doing a kzalloc of the > >> initial buffer, that should solve the problem that Marcus found. > >> > >> I'll go dig that back up and if you could test it, that would be most > >> appreciated. > > > > Here, can you try this on top of everything? > > > > just tested it, everything's back to normal again now! Thanks for testing, I'll queue it up for Linus and then add it back to .32-stable. Linus, I know you didn't want to do a kzalloc, but it looks like this is the easiest/simplest thing to do, unless you can think of something else? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists