lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 14 Jun 2010 09:29:19 -0700
From:	Greg KH <gregkh@...e.de>
To:	Andy Whitcroft <apw@...onical.com>
Cc:	linux-usb@...r.kernel.org,
	Inaky Perez-Gonzalez <inaky.perez-gonzalez@...el.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] khubd -- switch USB product/manufacturer/serial
 handling to RCU

On Mon, Jun 14, 2010 at 12:15:41PM +0100, Andy Whitcroft wrote:
> With the introduction of wireless USB hubs the product, manufacturer,
> and serial number are now mutable.

Changable by whom?  The device itself?  This has always been the case,
although it is usually very rare for a device to do this.

> This necessitates new locking in the gconsumers of these values
> including the sysfs read routines in order to prevent use-after-free
> acces to these values.

Who would access them after they go away?

> These extra locks create significant lock contention leading to
> increased boot times (0.3s for an example Atom based system).

Who is doing all of the deauthorization at boot time that this would
ever matter at all?

> Move update of these values to RCU based locking.

Ick.  What has changed that necessitates this?  You discuss a variety of
different things in this bug report:

> BugLink: http://bugs.launchpad.net/bugs/510937

Which would have been nice to dicuss with the people on these lists.  I
really don't think this is the correct fix, as a normal boot path
shouldn't be having non-authorized usb devices, right?  And from that
bug, once the machine is up and running, there is no contention here,
right?

not convinced,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ