lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <600D5CB4DFD93545BF61FF01473D11AC0B175252@limkexm2.ad.analog.com>
Date:	Mon, 21 May 2007 14:49:03 +0100
From:	"Hennerich, Michael" <Michael.Hennerich@...log.com>
To:	"Pekka Enberg" <penberg@...helsinki.fi>,
	"Hennerich, Michael" <Michael.Hennerich@...log.com>
Cc:	"Bryan Wu" <bryan.wu@...log.com>, <torvalds@...ux-foundation.org>,
	<akpm@...ux-foundation.org>, <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 12/32] Blackfin arch: Fix bug using usb keyboard crashes kernel

I'm also not an expert...
  
But without conswitchp preset (potential fix):

During initcalls: con_init is called, and returns because of
!display_desc.

static int __init con_init(void)
{
	const char *display_desc = NULL;
	struct vc_data *vc;
	unsigned int currcons = 0, i;

	acquire_console_sem();

	if (conswitchp)
		display_desc = conswitchp->con_startup();
	if (!display_desc) {
		fg_console = 0;
		release_console_sem();
		return 0; // RETURNS HERE
	}

--snip--

}

At this point there is no memory allocated for vc_cons[].d
A bit later vty_init calls kbd_init.

int __init vty_init(void)
{

--snip--
	kbd_init();
--snip--

}

>From now on events are passed to kbd_event which will then call
kbd_keycode.
I don't see where vc_cons[].d in between there is initialized.
 

>-----Original Message-----
>From: penberg@...il.com [mailto:penberg@...il.com] On Behalf Of Pekka
>Enberg
>Sent: Montag, 21. Mai 2007 14:51
>To: Hennerich, Michael
>Cc: Bryan Wu; torvalds@...ux-foundation.org; akpm@...ux-foundation.org;
>linux-kernel@...r.kernel.org
>Subject: Re: [PATCH 12/32] Blackfin arch: Fix bug using usb keyboard
>crashes kernel
>
>On 5/21/07, Hennerich, Michael <Michael.Hennerich@...log.com> wrote:
>> With CONFIG_VT (drivers/char/vt.c) enabled and a USB HID keyboard
>connected,
>> we were seeing bad pointer dereferences in drivers/char/keyboard.c
>>
>> In function kbd_keycode vc_cons[fg_console].d was un-initialized.
>
>On 5/21/07, Pekka Enberg <penberg@...helsinki.fi> wrote:
>> Makes sense. Please consider adding this to the changelog. Thanks.
>
>I am not an expert on this, but I don't see how vc_cons[fg_console].d
>would be uninitialized. It is always set in
>drivers/char/vt.c:con_init() and drivers/char/vt.c:vc_allocate(). The
>conswitchp change affects vc->vc_sw but I don't see that being used in
>drivers/char/keyboard.c:kbd_keycode() except indirectly via
>set_console et al.
>
>Perhaps I am missing something here?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ