| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Jul 2014 23:24:46 +0800 From: xinhui <mnipxh@...il.com> To: Peter Hurley <peter@...leysoftware.com>, "xinhui.pan" <xinhuix.pan@...el.com> CC: Greg KH <gregkh@...uxfoundation.org>, jslaby@...e.cz, linux-kernel@...r.kernel.org, yanmin_zhang@...ux.intel.com Subject: Re: [PATCH] tty/tty_io.c: make a check before reuse cdev hi, Peter On 2014年07月24日 00:04, Peter Hurley wrote: > Hi Xinhui, > > On 07/23/2014 05:21 AM, xinhui.pan wrote: >> 于 2014年07月23日 00:40, Peter Hurley 写道: >>> On 07/22/2014 07:52 AM, xinhui.pan wrote: >>>> 于 2014年07月21日 23:38, Greg KH 写道: >>>>> On Mon, Jul 21, 2014 at 08:47:16PM +0800, pp wrote: > >>>>>> tty driver register its device and (D)init the cdevs again. >>>>> >>>>> What driver does this with an "old" device, it should have created a new >>>>> one, otherwise, as you have pointed out, it's a bug. >>>>> >>>> >>>> I can't agree more with you. we should not use "old" device. >>> >>> This is a gsm driver problem. The GSM driver is reusing device indexes >>> for still-open ttys. >>> >>> The GSM driver uses a global table, gsm_mux[], to allocate device indexes >>> but prematurely clears the table entry in gsm_mux_cleanup(). If instead, >>> clearing the gsm_mux table entry were deferred to gsm_mux_free(), then >>> device indexes would not be getting reused until after the last tty >>> associated with the last gsm attach was closed. >>> >> >> Very nice solution. We will check if this can cause any risk, both to kernel and user space. >> Using a new tty base to register with new cdevs may give us more chance to wait PROCESS quit/close. >> when total 256 tty used up, what we should do is still in discuss. > > I saw your patch for the use of gsm->num before gsm_activate_mux() has > allocated the table entry; thanks for fixing that. > > As for what to do if all the gsm_mux table entries are used: if the error > is infrequent, I suggest simply returning an error which is what the > driver does currently. Otherwise, a more dynamic allocation scheme may be required. > > I did notice while reviewing the error handling that gsmld_open() will > leak the entire composite ldisc data allocated by gsm_alloc_mux() if > gsmld_attach_gsm() fails. > As for memory leak, I suggest move the codes that changing the index of gsm_mux[] into gsm_alloc_mux/gsm_free_mux. That makes things much easier to understand. And everything should be OK, including base = gsm->num << 6 :) I think gsm_mux[] holds the gsms whcih we are able to use, not we are using. *able to use* includes *using*. If you have any different opinions, could you point out my mistake? thanks, xinhui > Regards, > Peter Hurley > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists