lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 23 Jul 2014 12:04:21 -0400
From:	Peter Hurley <peter@...leysoftware.com>
To:	"xinhui.pan" <xinhuix.pan@...el.com>
CC:	Greg KH <gregkh@...uxfoundation.org>, mnipxh <mnipxh@...il.com>,
	jslaby@...e.cz, linux-kernel@...r.kernel.org,
	yanmin_zhang@...ux.intel.com
Subject: Re: [PATCH] tty/tty_io.c: make a check before reuse cdev

Hi Xinhui,

On 07/23/2014 05:21 AM, xinhui.pan wrote:
> 于 2014年07月23日 00:40, Peter Hurley 写道:
>> On 07/22/2014 07:52 AM, xinhui.pan wrote:
>>> 于 2014年07月21日 23:38, Greg KH 写道:
>>>> On Mon, Jul 21, 2014 at 08:47:16PM +0800, pp wrote:

>>>>> tty driver register its device and (D)init the cdevs again.
>>>>
>>>> What driver does this with an "old" device, it should have created a new
>>>> one, otherwise, as you have pointed out, it's a bug.
>>>>
>>>
>>> I can't agree more with you. we should not use "old" device.
>>
>> This is a gsm driver problem. The GSM driver is reusing device indexes
>> for still-open ttys.
>>
>> The GSM driver uses a global table, gsm_mux[], to allocate device indexes
>> but prematurely clears the table entry in gsm_mux_cleanup(). If instead,
>> clearing the gsm_mux table entry were deferred to gsm_mux_free(), then
>> device indexes would not be getting reused until after the last tty
>> associated with the last gsm attach was closed.
>>
> 
> Very nice solution. We will check if this can cause any risk, both to kernel and user space.
> Using a new tty base to register with new cdevs may give us more chance to wait PROCESS quit/close.
> when total 256 tty used up, what we should do is still in discuss.

I saw your patch for the use of gsm->num before gsm_activate_mux() has
allocated the table entry; thanks for fixing that.

As for what to do if all the gsm_mux table entries are used: if the error
is infrequent, I suggest simply returning an error which is what the
driver does currently. Otherwise, a more dynamic allocation scheme may be required.

I did notice while reviewing the error handling that gsmld_open() will
leak the entire composite ldisc data allocated by gsm_alloc_mux() if
gsmld_attach_gsm() fails.

Regards,
Peter Hurley

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ