lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <1216636273.31819.25.camel@californication>
Date:	Mon, 21 Jul 2008 12:31:13 +0200
From:	Marcel Holtmann <marcel@...tmann.org>
To:	Vegard Nossum <vegard.nossum@...il.com>
Cc:	Maxim Krasnyansky <maxk@...lcomm.com>,
	Dave Young <hidave.darkstar@...il.com>,
	Soeren Sonnenburg <kernel@....de>,
	David Woodhouse <dwmw2@...radead.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Bluetooth: fix oops in rfcomm tty code (v2)

Hi Vegard,

> >> This is a resend of a patch I sent earlier. It fixes a reproducible
> >> oops (see http://lkml.org/lkml/2008/7/13/89 for test case), and I'd
> >> be very happy for some feedback from Bluetooth people. Can this be
> >> included for testing somewhere? I don't have any bluetooth devices
> >> myself, so all my testing is limited to creating/releasing devices
> >> with ioctl (I'm not sure that's good enough).
> >>
> >> Dave: I have extended the rfcomm_dev_lock to include all the setup and
> >> teardown of a single device. On second thought, it doesn't really make
> >> sense to use a separate lock for that. May I have your opinion on this
> >> second version? (I've fixed the comments/BUG_ON that you pointed out.)
> >
> > it seems it is the actually the first time, I see this one. Anyway, so
> > holding that lock is a bad idea. Fixing this the right way might be
> > tricky since the TTY layer is involved here and own the kobject. So I
> > would say we have to make sure that the RFCOMM TTY will hangup when
> > calling RELEASEDEV or otherwise fail.
> 
> On Mon, Jul 21, 2008 at 7:14 AM, Marcel Holtmann <marcel@...tmann.org> wrote:
> >> The patch titled
> >>      Bluetooth: fix oops in rfcomm tty code
> >> has been added to the -mm tree.  Its filename is
> >>      bluetooth-fix-oops-in-rfcomm-tty-code-v2.patch
> >>
> > just a quick note that I am not okay with this patch. Holding the lock
> > isn't the right solution since it would also block any other application
> > from creating new devices. We can't do this.
> 
> Hi,
> 
> We are not holding the lock across any ioctl/syscall boundary, which
> would be an error anyway.
> 
> The lock now additionally protects the calls to:
> 
>     tty_register_device
>     tty_unregister_device
>     device_create_file
> 
> I don't think these functions block or do anything with the device
> apart from just registering/unregistering the files.
> 
> Can you please explain in more detail what is wrong with the patch?
> Where are we preventing other applications from creating new devices?
> My intention was to prevent other applications from creating the
> _same_ devices while they are still in use, although attempting to
> register a new device (with an already-in-use ID) should simply fail,
> and not block.

I see an issue when a malicious application like the test program keeps
the TTY open. Then we would block any other TTY creation. Even if it is
a different TTY or process.

Regards

Marcel


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ