lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4A017B2B.1050906@windriver.com>
Date:	Wed, 06 May 2009 06:57:31 -0500
From:	Jason Wessel <jason.wessel@...driver.com>
To:	Oliver Neukum <oliver@...kum.org>
CC:	greg@...ah.com, linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/5] usb_debug: implement multi urb write

Oliver Neukum wrote:
> Am Mittwoch, 6. Mai 2009 04:00:01 schrieb Jason Wessel:
>
> in static void usb_debug_write_bulk_callback(struct urb *urb)
>   
>> +       if (status) {
>> +               dbg("nonzero write bulk status received: %d", status);
>> +               return;
>> +       }
>>     
>
> [..]
>   
>> +       spin_lock_irqsave(&priv->tx_lock, flags);
>> +       --priv->tx_outstanding_urbs;
>> +       spin_unlock_irqrestore(&priv->tx_lock, flags);
>>     
>
> That's a clear bug. If a URB finishes, you must decrease the counter, always
> and without exception, even if status indicates an error.
>
>   
Thanks Oliver,

I would agree with you on that.  It also means that the ftdi_sio.c
driver has the same bug, because that is where it was derived from.  You
led me to see another flaw upon further inspection in that the usb_debug
driver must also implement the chars_in_buffer() call back because the
generic serial code will cause an oops with a null pointer dereference
of the write_urb.

Cheers,
Jason.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ