Message-ID: <4CBA0089.2060700@s5r6.in-berlin.de>
Date:	Sat, 16 Oct 2010 21:44:09 +0200
From:	Stefan Richter <stefanr@...6.in-berlin.de>
To:	Alan Stern <stern@...land.harvard.edu>
CC:	David Brownell <david-b@...bell.net>,
	USB list <linux-usb@...r.kernel.org>,
	Kernel development list <linux-kernel@...r.kernel.org>
Subject: Re: 2.6.36-rc7: NULL pointer dereference in ehci_clear_tt_buffer_complete

Alan Stern wrote:
> On Thu, 14 Oct 2010, Stefan Richter wrote:
> 
>> Alan Stern wrote:
>>> Stefan, is it possible for you to tell whether this really does work?
>> That will be hard.  So far I was unable to reproduce the oops; still running
>> unmodified 2.6.36-rc7.
> 
> Was this on an SMP machine?

Yes.

> If yes, the untested patch below may help
> trigger the oops.  To use it, insert (but don't mount) a memory card
> into the card reader, and use dd to copy a large amount of data from
> the card to /dev/null.  While that's running, unplug either the monitor
> or the card reader.  You may want to do this at a VT console so you can
> see directly when the delay occurs.
> 
> Alan Stern
> 
> 
> 
> Index: usb-2.6/drivers/usb/core/message.c
> ===================================================================
> --- usb-2.6.orig/drivers/usb/core/message.c
> +++ usb-2.6/drivers/usb/core/message.c
> @@ -323,8 +323,13 @@ static void sg_complete(struct urb *urb)
>  	/* on the last completion, signal usb_sg_wait() */
>  	io->bytes += urb->actual_length;
>  	io->count--;
> -	if (!io->count)
> +	if (!io->count) {
> +		if (status == -ECONNRESET) {
> +			printk(KERN_ERR "Delaying for test\n");
> +			mdelay(600);
> +		}
>  		complete(&io->complete);
> +	}
>  
>  	spin_unlock(&io->lock);
>  }
> 

I did so today on 2.6.36-rc8, without your other patch.  I was still unable to
reproduce the bug.  Forget the whole thing as unreproducible?
-- 
Stefan Richter
-=====-==-=- =-=- =----
http://arcgraph.de/sr/