lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTiki82ZFntH2M6UTyB7+215=4mNmk3SsxiS=CGDH@mail.gmail.com>
Date:	Wed, 18 Aug 2010 09:43:16 +0100
From:	trapDoor <trapdoor6@...il.com>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	"Rafael J. Wysocki" <rjw@...k.pl>,
	LKML <linux-kernel@...r.kernel.org>, arnd@...db.de,
	osnix0@...glemail.com, andrea.gelmini@...ma.net,
	trapDoor <trapdoor6@...glemail.com>
Subject: Re: [REGRESSION, bisected] 2.6.36-rc1 - suspend issues

[adding Gabriel Craciunescu <osnix0@...glemail.com> and Andrea Gelmini
<andrea.gelmini@...ma.net> to CC lilst]

Hello,

On Wed, Aug 18, 2010 at 8:13 AM, Jiri Kosina <jkosina@...e.cz> wrote:
> On Wed, 18 Aug 2010, trapDoor wrote:
>
>> >> Bisecting turned up the following commit. Reverting it in 2.6.36-rc1
>> >> results in a system that works.
>> >>
>> >> commit bd25f4dd6972755579d0ea50d1a5ace2e9b00d1a
>> >> Author: Arnd Bergmann <arnd@...db.de>
>> >> Date:   Sun Jul 11 15:34:05 2010 +0200
>> >>
>> >>     HID: hiddev: use usb_find_interface, get rid of BKL
>> >>
>> >>     This removes the private hiddev_table in the usbhid
>> >>     driver and changes it to use usb_find_interface
>> >>     instead.
>> >>
>> >>     The advantage is that we can avoid the race between
>> >>     usb_register_dev and usb_open and no longer need the
>> >>     big kernel lock.
>> >>
>> >>     This doesn't introduce race condition -- the intf pointer could be
>> >>     invalidated only in hiddev_disconnect() through usb_deregister_dev(),
>> >>     but that will block on minor_rwsem and not actually remove the device
>> >>     until usb_open().
>> >> -----------------------
>> >>
>> >> Despite mentioned issues with network (occurring every time after
>> >> unsuccessful suspend > hard restart) the bisecting turned up a commit
>> >> which isn't rather related to network. But I can confirm that
>> >> reverting only this one commit in 2.6.36-rc1
>> >> [da5cabf80e2433131bf0ed8993abc0f7ea618c73] fixes the whole problem -
>> >> suspend works OK and I have no issues with my network after waking the
>> >> system up, neither after re-booting from the same or any other kernel.
>> >>
>> >> Please let me know what further details should I provide. Any logs,
>> >> hardware specifications? I've also made a brief log recording the
>> >> bisect if anyone would need it.
>> >
>> > Well, we should let the HID maintainer know about the problem (CC added).
>>
>> Thanks Rafael,
>> Before I opened this thread I only searched on
>> http://vger.kernel.org/vger-lists.html for any appropriate mailing
>> list but nothing linke linux-*hid* there. Now I've found out that
>> there is a list of all maintainers included in the kernel source. I'll
>> keep that in mind ..
>
> Yeah, MAINTAINERS file is always good to consult. Also CCing all people
> who have Signed-off-by or Acked-by the offending patch is usually a good
> idea.

Thanks for the tip.

> Could you please verify whether the patch below (which is currently queued
> in my tree and I am planning to push it to Linus soon, as it fixes memory
> corruption) fixes your issue? Thanks.
>
> commit 9c9e54a8df0be48aa359744f412377cc55c3b7d2
> Author: Jiri Kosina <jkosina@...e.cz>
> Date:   Fri Aug 13 12:19:45 2010 +0200
>
>    HID: hiddev: fix memory corruption due to invalid intfdata
>
>    Commit bd25f4dd6972755579d0 ("HID: hiddev: use usb_find_interface,
>    get rid of BKL") introduced using of private intfdata in hiddev for
>    purpose of storing hiddev pointer.
>
>    This is a problem, because intf pointer is already being set to struct
>    hid_device pointer by HID core. This obviously lead to memory corruptions
>    at device disconnect time, such as
>
>    WARNING: at lib/kobject.c:595 kobject_put+0x37/0x4b()
>    kobject: '(null)' (ffff88011e9cd898): is not initialized, yet kobject_put() is being called.
>
>    Convert hiddev into accessing hiddev through struct hid_device which is
>    in intfdata already.
>
>    Reported-and-tested-by: Markus Trippelsdorf <markus@...ppelsdorf.de>
>    Reported-and-tested-by: Heinz Diehl <htd@...tha.org>
>    Reported-and-tested-by: Alan Ott <alan@...nal11.us>
>    Signed-off-by: Jiri Kosina <jkosina@...e.cz>
>
> diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
> index f285017..0a29c51 100644
> --- a/drivers/hid/usbhid/hiddev.c
> +++ b/drivers/hid/usbhid/hiddev.c
> @@ -266,13 +266,15 @@ static int hiddev_open(struct inode *inode, struct file *file)
>  {
>        struct hiddev_list *list;
>        struct usb_interface *intf;
> +       struct hid_device *hid;
>        struct hiddev *hiddev;
>        int res;
>
>        intf = usb_find_interface(&hiddev_driver, iminor(inode));
>        if (!intf)
>                return -ENODEV;
> -       hiddev = usb_get_intfdata(intf);
> +       hid = usb_get_intfdata(intf);
> +       hiddev = hid->hiddev;
>
>        if (!(list = kzalloc(sizeof(struct hiddev_list), GFP_KERNEL)))
>                return -ENOMEM;
> @@ -890,7 +892,6 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
>        hid->hiddev = hiddev;
>        hiddev->hid = hid;
>        hiddev->exist = 1;
> -       usb_set_intfdata(usbhid->intf, usbhid);
>        retval = usb_register_dev(usbhid->intf, &hiddev_class);
>        if (retval) {
>                err_hid("Not able to get a minor for this device.");
>
> --
> Jiri Kosina
> SUSE Labs, Novell Inc.
>

Yes. That patch fixes my problem too. Tested on top of the current
tree [2.6.36-rc1-00051-g3b89f56]. Thanks!

One little thing though. There is a message about 2 lines offset when
patching. Succeeded anyway but I've never got such messages before so
I thought it would be better to mention it:

patch -p1 <../patches/hid.git-9c9e54a8df0be48aa359744f412377cc55c3b7d2.patch
patching file drivers/hid/usbhid/hiddev.c
Hunk #2 succeeded at 890 (offset -2 lines).

I downloaded the patch from
http://git.kernel.org/?p=linux/kernel/git/jikos/hid.git;a=commitdiff;h=9c9e54a8df0be48aa359744f412377cc55c3b7d2
to make sure I had the original indentations etc. preserved (Gmail
tends to mess up with lines).

-- 
Regards
Tomasz B.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ