| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Jul 2013 16:31:29 +0100 From: Dean Jenkins <Dean_Jenkins@...tor.com> To: Andre Naujoks <nautsch2@...il.com>, linux-kernel@...r.kernel.org Cc: Jiri Slaby <jslaby@...e.cz>, Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: [PATCH 0/5] SLIP SLIP-Improve robustness to crashing Using SLIP bound to RFCOMM or PTY/TTY has identified some weaknesses to crashing under abnormal conditions. Here is a proposed patchset baselined and built on Linux 3.9. Note the patches have not been tested on x86 Linux 3.9. However similar patches have been used on ARM Linux 2.6.34 to avoid kernel crashes in a commercial project. I believe the same weaknesses still exist in Linux 3.9. If some or all of the patches look to be useful to the community then I may attempt to test on x86 but this is not straight forward for me. I welcome any feedback and whether the fixes are a suitable solution. Who is the maintainer of SLIP in the kernel ? The patchset consists of: 0001-Bluetooth-Add-RFCOMM-TTY-write-return-error-codes.patch 0002-SLIP-Handle-error-codes-from-the-TTY-layer.patch 0003-SLIP-Prevent-recursion-stack-overflow-and-scheduler-.patch 0004-SLIP-Add-error-message-for-xleft-non-zero.patch 0005-SLIP-Fix-transmission-segmentation-mechanism.patches Some background: 0001-Bluetooth-Add-RFCOMM-TTY-write-return-error-codes.patch This patch is a Bluetooth change to add some error return codes to RFCOMM to avoid NULL pointer dereference crashes. Note RFCOMM can already generate an error code that will cause SLIP to malfunction. 0002-SLIP-Handle-error-codes-from-the-TTY-layer.patches This patch allows SLIP to handle error codes from RFCOMM or other bound TTY layers. 0003-SLIP-Prevent-recursion-stack-overflow-and-scheduler-.patches This patch prevents SLIP from causing a recursive loop that overflows the stack and catastrophically crashes the kernel. The scenario is SLIP bound to PTY/TTY. The underlying trigger is a probably a failure to allocate a TTY buffer in tty_buffer_alloc() but this is unproven. The crash is sporadic in an ARM embedded environment where resources are limited. 0004-SLIP-Add-error-message-for-xleft-non-zero.patch This is an error message patch to identify when a SLIP frame has not been fully transmitted meaning the frame was truncated. 0005-SLIP-Fix-transmission-segmentation-mechanism.patches This patch allows multiple attempts to transmit segments of the SLIP frame. Currently only 1 attempt at writing the whole SLIP frame to PTY/TTY occurs. This could truncate transmitted SLIP frames. In addition the modification relies on the TTY write wake-up event to complete the transmission of the SLIP frame rather than the sl_encaps() call to pty_write(). Probably, pty_write() should not call tty_wakeup() but safer to modify SLIP rather than the PTY/TTY layer. Thanks, Dean Jenkins Mentor Graphics -- 1.8.1.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists