lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 27 Jul 2014 11:09:53 -0700
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	"xinhui.pan" <xinhuix.pan@...el.com>
Cc:	Jiri Slaby <jslaby@...e.cz>, linux-kernel@...r.kernel.org,
	"Zhang, Yanmin" <yanmin_zhang@...ux.intel.com>,
	mnipxh <mnipxh@...il.com>,
	Peter Hurley <peter@...leysoftware.com>,
	gnomes@...rguk.ukuu.org.uk
Subject: Re: [PATCH] tty/n_gsm.c: do not clear gsm_mux entry when the gsm is
 not closed

On Thu, Jul 24, 2014 at 05:17:01PM +0800, xinhui.pan wrote:
> If the gsmtty is still used by some process, we could not just
> simply clear gsm_mux[gsm->num]. Clear it when gsm is being free.
> Otherwise we will hit crashes when userspace close the gsmtty.
> 
> Also add gsm_mux_get() and gsm_mux_put() to make gsm_mux[] is used safely.
> We can do activation/deactivation with same gsm more than once now.
> This is for fixing the FIXME.
> 
> Signed-off-by: xinhui.pan <xinhuiX.pan@...el.com>
> Reviewed-by: Zhang Yanmin <yanmin_zhang@...ux.intel.com>
> ---
>  drivers/tty/n_gsm.c |   84 ++++++++++++++++++++++++++++++++++++---------------
>  1 file changed, 60 insertions(+), 24 deletions(-)
> 
> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
> index 81e7ccb..290df56 100644
> --- a/drivers/tty/n_gsm.c
> +++ b/drivers/tty/n_gsm.c
> @@ -2020,6 +2020,58 @@ static void gsm_error(struct gsm_mux *gsm,
>  }
>  
>  /**
> + *	gsm_mux_get		-	get/fill one entry in gsm_mux
> + *	@gsm: our gsm
> + *
> + *	Although its name end with get, it don't inc ref-count actually.

Then don't call it a 'get' function :(

> + *	get one entry is just like fill pte, first memory access will
> + *	cause page_fault, the next accesses don't. So do here.

This doesn't make much sense to me, can you please explain it better?

> + */
> +

blank line?

> +static int gsm_mux_get(struct gsm_mux *gsm)
> +{
> +	int i;
> +
> +	if (gsm->num >= MAX_MUX) /* gsm is alloc by kzalloc, just be careful */
> +		return -EIO;

-EIO?

> +	if (gsm_mux[gsm->num] == gsm) /* We have already set gsm->num */
> +		return 0;
> +
> +	spin_lock(&gsm_mux_lock);
> +	for (i = 0; i < MAX_MUX; i++) {
> +		if (gsm_mux[i] == NULL) {
> +			gsm->num = i;
> +			gsm_mux[i] = gsm;
> +			break;
> +		}
> +	}
> +	spin_unlock(&gsm_mux_lock);
> +
> +	if (i == MAX_MUX)
> +		return -EBUSY;
> +	return 0;
> +}
> +
> +/**
> + *	gsm_mux_put		-	put/clear one entry in gsm_mux
> + *	@gsm: our gsm
> + *
> + *	Although its name end with put, it don't dec ref-count actually.
> + *	put one entry is just like clear pte, So do here.
> + */
> +
> +static void gsm_mux_put(struct gsm_mux *gsm)
> +{
> +	if (gsm->num >= MAX_MUX)
> +		return;
> +
> +	spin_lock(&gsm_mux_lock);
> +	if (gsm_mux[gsm->num] == gsm)

How can this not be true?

> +		gsm_mux[gsm->num] = NULL;
> +	spin_unlock(&gsm_mux_lock);
> +}

Why can't you do dynamic reference counting of your structure, that
would allow you to get rid of your global array, right?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists