Date:	Sat, 23 Jan 2010 15:51:23 +0100
From:	Stefan Richter <stefanr@...6.in-berlin.de>
To:	Clemens Ladisch <cladisch@...tmail.net>
CC:	linux-kernel@...r.kernel.org, linux1394-devel@...ts.sourceforge.net
Subject: Re: [PATCH 1/5] firewire: fix use of multiple AV/C devices, allow
 multiple FCP listeners

Stefan Richter wrote:
> Date: Thu, 24 Dec 2009 12:05:58 +0100
> From: Clemens Ladisch <cladisch@...tmail.net>
> 
> Control of more than one AV/C device at once --- e.g. camcorders, tape
> decks, audio devices, TV tuners --- failed or worked only unreliably,
> depending on driver implementation.  This affected kernelspace and
> userspace drivers alike and was caused by firewire-core's inability to
> accept multiple registrations of FCP listeners.
> 
> The fix allows multiple address handlers to be registered for the FCP
> command and response registers.  When a request for these registers is
> received, all handlers are invoked, and the Firewire response is
> generated by the core and not by any handler.
> 
> The cdev API does not change, i.e., userspace is still expected to send
> a response for FCP requests; this response is silently ignored.
> 
> Signed-off-by: Clemens Ladisch <clemens@...isch.de>
> Signed-off-by: Stefan Richter <stefanr@...6.in-berlin.de> (changelog, rebased, whitespace)

I tested this on another box which has more kernel debug options enabled
than my current mainly used box.  Alas, there is a serious regression on
that box:

1.) testlibraw now always shows:

  - testing FCP monitoring on local node
    got fcp command from node 0 of 8 bytes:ERROR: fcp payload not correct
 6b 6b 6b 6b 6b 6b 6b 6b
    got fcp response from node 0 of 8 bytes:ERROR: fcp payload not correct
 6b 6b 6b 6b 6b 6b 6b 6b

2.) gscanbus's AV/C controls work but are now very quick to segfault.

3.) Kino frequently shows 6b:6b:6b:6b as timestamp when a DV camcorder
in "record" mode is connected.

4.) Kino is unable to determine the presence of a DV camcorder if the
camcorder is in "play" mode.

Only the AV/C kernel driver firedtv still works (tested with kaffeine).

0x6b is the POISON_FREE pattern in <linux/poison.h>.  So, we apparently
have a use-after-free issue with FCP responses in firewire-core's cdev
interface now.

None of this happened before the patch.  (There this box with otherwise
identical kernel and modules only exhibits the problem that was fixed by
the patch, i.e. no more than one FCP listener possible at a time.)
-- 
Stefan Richter
-=====-==-=- ---= =-===
http://arcgraph.de/sr/
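
The inference in the message above, from an all-0x6b payload to a use-after-free, can be mechanised when triaging such dumps. The following is an added example, not code from the post, the patch or the kernel: `classify_payload`, `MIN_RUN` and the sample arrays other than the reported dump are hypothetical or constructed, while the poison values are those in <linux/poison.h>.

```c
#include <stddef.h>
#include <stdio.h>

/* Slab poison bytes from <linux/poison.h>. */
#define POISON_INUSE 0x5a /* allocated, never initialised */
#define POISON_FREE  0x6b /* object already freed */
#define POISON_END   0xa5 /* last byte of a poisoned object */
#define MIN_RUN 4         /* assumption: shorter runs are too weak as evidence */

enum verdict { PAYLOAD_OK, PAYLOAD_FREED, PAYLOAD_UNINIT };

/* The 8-byte FCP payload printed by testlibraw in the report above. */
static const unsigned char reported[8] =
    { 0x6b, 0x6b, 0x6b, 0x6b, 0x6b, 0x6b, 0x6b, 0x6b };
/* Constructed samples: tail of a freed object, and partly live data. */
static const unsigned char freed_tail[8] =
    { 0x6b, 0x6b, 0x6b, 0x6b, 0x6b, 0x6b, 0x6b, 0xa5 };
static const unsigned char live_data[8] =
    { 0x6b, 0x6b, 0x01, 0xff, 0x19, 0x00, 0xff, 0xff };

/*
 * Hypothetical triage helper. A payload is flagged only if every byte holds
 * the same poison value; one trailing POISON_END is tolerated because the
 * slab allocator writes it as the final byte of a poisoned object.
 */
enum verdict classify_payload(const unsigned char *buf, size_t len)
{
    size_t i, body = len;

    if (len > 1 && buf[len - 1] == POISON_END)
        body = len - 1;
    if (body < MIN_RUN)
        return PAYLOAD_OK;
    if (buf[0] != POISON_FREE && buf[0] != POISON_INUSE)
        return PAYLOAD_OK;
    for (i = 1; i < body; i++)
        if (buf[i] != buf[0])
            return PAYLOAD_OK;
    return buf[0] == POISON_FREE ? PAYLOAD_FREED : PAYLOAD_UNINIT;
}

int main(void)
{
    static const char *names[] = { "ok", "use-after-free", "uninitialised" };
    printf("reported:   %s\n", names[classify_payload(reported, sizeof reported)]);
    printf("freed_tail: %s\n", names[classify_payload(freed_tail, sizeof freed_tail)]);
    printf("live_data:  %s\n", names[classify_payload(live_data, sizeof live_data)]);
    return 0;
}
```

The poison bytes only appear when slab debugging/poisoning is enabled in the kernel, which matches the report that the regression showed up on the box with more debug options enabled.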