Date:	Mon, 29 Nov 2010 23:41:45 +0100
From:	Jiri Slaby <jslaby@...e.cz>
To:	Greg KH <greg@...ah.com>
CC:	gregkh@...e.de, slapin@...fans.org, linux-kernel@...r.kernel.org,
	jirislaby@...il.com, Alan Cox <alan@...ux.intel.com>
Subject: Re: [PATCH 1/2] TTY: ldisc, fix open flag handling

On 11/29/2010 10:50 PM, Greg KH wrote:
> On Thu, Nov 25, 2010 at 12:27:54AM +0100, Jiri Slaby wrote:
>> When a concrete ldisc open fails in tty_ldisc_open, we forget to clear
>> TTY_LDISC_OPEN. This causes a false warning on the next ldisc open:
>> WARNING: at drivers/char/tty_ldisc.c:445 tty_ldisc_open+0x26/0x38()
>> Hardware name: System Product Name
>> Modules linked in: ...
>> Pid: 5251, comm: a.out Tainted: G        W  2.6.32-5-686 #1
>> Call Trace:
>>  [<c1030321>] ? warn_slowpath_common+0x5e/0x8a
>>  [<c1030357>] ? warn_slowpath_null+0xa/0xc
>>  [<c119311c>] ? tty_ldisc_open+0x26/0x38
>>  [<c11936c5>] ? tty_set_ldisc+0x218/0x304
>> ...
>>
>> So clear the bit when failing...
>>
>> Introduced in c65c9bc3efa (tty: rewrite the ldisc locking) back in
>> 2.6.31-rc1.
>>
>> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
>> Cc: Alan Cox <alan@...ux.intel.com>
>> Reported-by: Sergey Lapin <slapin@...fans.org>
>> Tested-by: Sergey Lapin <slapin@...fans.org>
> 
> Is this still needed, or can I just use your:
> 	[PATCH v2 1/2] TTY: don't allow reopen when ldisc is changing
> patch instead?

This patch is still needed, it fixes a fail path.

Other than that there are 3 races in 2.6.36, one of them is introduced
in 2.6.36, the rest in 2.6.32. For each bug there is a single patch I sent:
* TTY: open/hangup race fixup
  - introduced in 2.6.36
  - open vs hangup race
* TTY: don't allow reopen when ldisc is changing
  - tiocsetd vs open race
* TTY: ldisc, fix open flag handling
  - this you are asking about
  - when ldisc->open fails, we blow up
* Char: TTY, restore tty_ldisc_wait_idle
  - this is in 37-rc2 already
  - multiple opens followed by tiocsetd blows the machine up

All of them are stable candidates (but I would give them some time in
HEAD to see if something breaks, since I opened a can of worms). The
first one is applicable only to 2.6.36 indeed.

thanks,
-- 
js
suse labs
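
Added example, not part of the original message and not kernel code: a userspace C model of the fail path the quoted commit message describes, where a failed ldisc open leaves the open flag set and the next open trips the warning. All names here (`model_tty`, `model_ldisc_open`, `clear_on_fail`) are hypothetical, and the model assumes the flag is set on entry with a warning raised if it was already set.

```c
#include <stdbool.h>
#include <stdio.h>

#define MODEL_LDISC_OPEN 0x1u      /* stands in for TTY_LDISC_OPEN */

struct model_tty {
    unsigned flags;
    int warnings;                  /* how often the "already open" check fired */
};

typedef int (*ldisc_open_fn)(struct model_tty *);

static int open_fails(struct model_tty *t) { (void)t; return -1; }
static int open_ok(struct model_tty *t)    { (void)t; return 0; }

/* Mark the ldisc open, then call its open hook. With clear_on_fail set,
 * a failing hook clears the flag again (the behaviour the patch adds). */
static int model_ldisc_open(struct model_tty *t, ldisc_open_fn op,
                            bool clear_on_fail)
{
    if (t->flags & MODEL_LDISC_OPEN)
        t->warnings++;             /* models the warning in the trace */
    t->flags |= MODEL_LDISC_OPEN;

    int ret = op(t);
    if (ret && clear_on_fail)
        t->flags &= ~MODEL_LDISC_OPEN;
    return ret;
}

/* One failed open followed by a retry; returns the number of warnings. */
int warnings_after_retry(bool clear_on_fail)
{
    struct model_tty t = { 0, 0 };
    model_ldisc_open(&t, open_fails, clear_on_fail);
    model_ldisc_open(&t, open_ok, clear_on_fail);
    return t.warnings;
}

/* Returns 1 if the open flag is still set after a failed open. */
int flag_stuck_after_failure(bool clear_on_fail)
{
    struct model_tty t = { 0, 0 };
    model_ldisc_open(&t, open_fails, clear_on_fail);
    return (t.flags & MODEL_LDISC_OPEN) ? 1 : 0;
}

int main(void)
{
    printf("without clear: %d warning(s)\n", warnings_after_retry(false));
    printf("with clear:    %d warning(s)\n", warnings_after_retry(true));
    return 0;
}
```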