lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 15 Oct 2007 23:04:54 +0300
From:	"Vitaliy Ivanov" <vitalivanov@...il.com>
To:	"Pete Zaitcev" <zaitcev@...hat.com>
Cc:	"Willy Tarreau" <w@....eu>, gregkh@...e.de,
	linux-usb-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Subject: Re: [2.4 patch] Port of adutux driver from 2.6 kernel to 2.4.

Pete,

On 10/15/07, Pete Zaitcev <zaitcev@...hat.com> wrote:
> On Sun, 14 Oct 2007 23:45:36 +0300, "Vitaliy Ivanov" <vitalivanov@...il.com> wrote:
>
> > Also IMHO the more drivers are in the tree the more users will use it.
> > Once it will be merged in the mainline then it will be backported to
> > enterprise kernels and would gain wide usage.
>
> At least in case of RHEL, such backports never were automatic. In any
> case, RHEL 2.1 and 3 do not receive new drivers anymore. We only do
> bugfixes if something comes up. Realistically speaking, 2.4 kernels
> are just too old for anyone to use. So, I think it would be best for
> you to think in terms of Willy's tree only.
>
> > +     in_end_size = le16_to_cpu(dev->interrupt_in_endpoint->wMaxPacketSize);
> > +     out_end_size = le16_to_cpu(dev->interrupt_out_endpoint->wMaxPacketSize);
>
> Did you verify if this works? We use pre-swapped descriptors in 2.4.
> I suspect you allocate 256 times more memory than necessary.
>
> > +static void adu_delete(struct adu_device *dev)
> > +     kfree(dev);
>
> > +static int adu_release_internal(struct adu_device *dev)
> > +     if (dev->udev == NULL) {
> > +             adu_delete(dev);
>
> > +static int adu_open(struct inode *inode, struct file *file)
> > +     retval = adu_release_internal(dev);
> > +     up(&dev->sem);
>
> The above very clearly is a use-after-free, in case the device was
> open across a disconnect. Solution: Use minor_table_mutex to lock
> dev->open_count instead of dev->sem. There's no rule that the lock
> has to live inside the same structure with members it locks.

Thanks for your notes. Will check and correct it asap.

Vitaliy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ