lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 10 Dec 2019 09:59:29 +0100
From:   Martin Schiller <ms@....tdt.de>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     David Miller <davem@...emloft.net>, khc@...waw.pl,
        gregkh <gregkh@...uxfoundation.org>,
        driverdevel <devel@...verdev.osuosl.org>,
        Networking <netdev@...r.kernel.org>,
        linux-kernel@...r.kernel.org, Eric Biggers <ebiggers@...nel.org>,
        Andrew Hendry <andrew.hendry@...il.com>,
        linux-x25@...r.kernel.org, Kevin Curtis <kevin.curtis@...site.com>,
        "R.J.Dunlop" <bob.dunlop@...site.com>,
        Qiang Zhao <qiang.zhao@....com>
Subject: Re: [PATCH 4/4] [RFC] staging/net: move AF_X25 into drivers/staging

On 2019-12-09 20:26, Arnd Bergmann wrote:
> On Mon, Dec 9, 2019 at 7:29 PM David Miller <davem@...emloft.net> 
> wrote:
>> 
>> From: Arnd Bergmann <arnd@...db.de>
>> Date: Mon,  9 Dec 2019 16:12:56 +0100
>> 
>> > syzbot keeps finding issues in the X.25 implementation that nobody is
>> > interested in fixing.  Given that all the x25 patches of the past years
>> > that are not global cleanups tend to fix user-triggered oopses, is it
>> > time to just retire the subsystem?
>> 
>> I have a bug fix that I'm currently applying to 'net' right now 
>> actually:
>> 
>>         https://patchwork.ozlabs.org/patch/1205973/
>> 
>> So your proposal might be a bit premature.
> 
> Ok, makes sense. Looking back in the history, I also see other bugfixes
> from the same author.
> 
> Adding Martin Schiller to Cc: for a few questions:
> 
> - What hardware are you using for X.25?

I would say that X.25 is (at least in Germany) not dead yet. For 
example, it is
still used in the railway network of the Deutsche Bahn AG in many 
different
areas. [1]

We deliver products for this and use the Linux X.25 stack with some 
bugfixes
and extensions that I would like to get upstream.

As hardware/interfaces we use X.21bis/G.703 adapters, which are 
connected via
HDLC_X25 and LAPB. Also for this there are extensions and bugfixes, 
which I
would like to include in the kernel.

> - Would you be available to be listed in the MAINTAINERS file
>   as a contact for net/x25?

Yes, you can add me to the MAINTAINERS file.
I have only limited time, but I will try to follow all requests 
concerning this
subsystem.

> - Does your bug fix address the latest issue found by syzbot[1],
>   or do you have an idea to fix it if not?

I don't have a direct solution for the concrete problem mentioned above, 
but at
first sight I would say that the commit 95d6ebd53c79 ("net/x25: fix
use-after-free in x25_device_event()") holds the wrong lock 
(&x25_list_lock).
Shouldn't this be the lock &x25_neigh_list_lock as in x25_get_neigh(), 
where
x25_neigh_hold() is called?

> 
>         Arnd
> 
> [1]
> https://lore.kernel.org/netdev/CAK8P3a0LdF+aQ1hnZrVKkNBQaum0WqW1jyR7_Eb+JRiwyHWr6Q@mail.gmail.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ