lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20111024200927.GH5632@1wt.eu>
Date:	Mon, 24 Oct 2011 22:09:27 +0200
From:	Willy Tarreau <w@....eu>
To:	Roland Kletzing <devzero@....de>
Cc:	linux-kernel@...r.kernel.org, adrian.hunter@...el.com,
	Artem.Bityutskiy@...ia.com
Subject: Re: [BUG] Re: mtd_stresstest module bricked my dockstar

Hello Roland,

On Mon, Oct 24, 2011 at 09:32:42PM +0200, Roland Kletzing wrote:
> Yes, i think accidentally insmodding  "mtd_stresstest" has just wiped it, 
> not killed.
> The problem is, that it is important stuff for booting and you can`t pull 
> it out and
> re-write externally, like a disk. Sorry, i that was probably not clearly 
> stated.
> 
> Anyway - what would people think if linux had a kernel module  which wipes
> /dev/sda1 when loaded ? :)

I totally agree. And on some machines, you might have mtd0 mapped to a
real block device.

> >I got one Iomega Iconnect with a faulty flash that I got replaced for a
> >good one, so it's more likely the case here.
> 
> Yes, i could give debricking with JTAG a try. But what about the cost for 
> the JTAG
> and the work to be spent with it? I could buy another Dockstar for that.....

it's cheap, download openocd and make a Wiggler cable. It requires very
little hardware. I don't see why it wouldn't work, I've done that to try
to port Linux to a miniature ARM platform a few years ago (it was pretty
funny). You just need one rainy sunday afternoon.

> static int dev;   <-!
> module_param(dev, int, S_IRUGO);
> MODULE_PARM_DESC(dev, "MTD device number to use");
...
> My kernel log showed:
> 
> mtd_stresstest: MTD device: 0
> mtd_stresstest: MTD device size 1048576 etc...

Ooops.

> So, apparenly the module accidentally picked mtd0 instead of exiting 
> cleanly (as
> i did not pass a device number)
> 
> I`m not a programmer, but doesn`t look that like an "unitialized variable" 
> issue ?

You're pretty right indeed ! I think the code has only be tested with
devices that ought to be killed, otherwise the author would have noticed
it quickly.

> If yes, then i would call my Dockstar "victim of a bug".

One more reason to try to resurrect it ;-)

Cheers,
Willy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ