| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <593A50FF.40604@parkeon.com>
Date: Fri, 9 Jun 2017 09:40:47 +0200
From: Martin Fuzzey <mfuzzey@...keon.com>
To: "Luis R. Rodriguez" <mcgrof@...nel.org>
Cc: Linux FS Devel <linux-fsdevel@...r.kernel.org>,
Alan Cox <alan@...ux.intel.com>, Ted Ts'o <tytso@....edu>,
Andy Lutomirski <luto@...nel.org>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
"Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>,
Linux API <linux-api@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
Greg KH <gregkh@...uxfoundation.org>,
Daniel Wagner <wagi@...om.org>,
David Woodhouse <dwmw2@...radead.org>,
jewalt@...innovations.com, rafal@...ecki.pl,
Arend Van Spriel <arend.vanspriel@...adcom.com>,
"Rafael J. Wysocki" <rjw@...ysocki.net>,
"Li, Yi" <yi1.li@...ux.intel.com>, atull@...nsource.altera.com,
Moritz Fischer <moritz.fischer@...us.com>,
Petr Mladek <pmladek@...e.com>,
Johannes Berg <johannes.berg@...el.com>,
Emmanuel Grumbach <emmanuel.grumbach@...el.com>,
Luca Coelho <luciano.coelho@...el.com>,
Kalle Valo <kvalo@...eaurora.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>,
AKASHI Takahiro <takahiro.akashi@...aro.org>,
David Howells <dhowells@...hat.com>,
Peter Jones <pjones@...hat.com>,
Hans de Goede <hdegoede@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] firmware: fix sending -ERESTARTSYS due to signal on
fallback
On 09/06/17 03:57, Luis R. Rodriguez wrote:
> On Thu, Jun 8, 2017 at 6:10 PM, Luis R. Rodriguez <mcgrof@...nel.org> wrote:
>>> Android didn't send the signal, the kernel did (SIGCHLD).
>>>
>>> Like this:
>>>
>>> 1) Android init (pid=1) fork()s (say pid=42) [this child process is totally
>>> unrelated to firmware loading]
>>> 2) Android init (pid=1) does a write() on a (driver custom) sysfs file which
>>> ends up calling request_firmware() kernel side
>>> 3) The firmware loading fallback mechanism is used, the request is sent to
>>> userspace and pid 1 waits in the kernel on wait_*
>>> 4) before firmware loading completes pid 42 dies (for any reason - in my
>>> case normal termination)
> Martin just to be clear, by "normal case termination" do you mean
> completing successfully ?? Ie the firmware actually did make it onto
> the device ?
The firmware did *not* make it onto the device since the
request_firmware() call returned an error
(the code that would have transfered it to the device is only executed
following a successful request_firmware)
The process that terminates normally is unrelated to firmware loading as
I said above.
The only things that matter are:
- It is a child process of the process that calls request_firmware()
- It terminates *while* the the wait_ is still in progress
Here is a way of reproducing the problem using the test_firmware module
(which I only just saw) on normal linux with no Android or custom driver
#!/bin/sh
set -e
# Make sure the system firmware loader doesn't get in the way
/etc/init.d/udev stop
modprobe test_firmware
DIR=/sys/devices/virtual/misc/test_firmware
echo 10 >/sys/class/firmware/timeout;
sleep 2 &
echo -n "/some/non/existing/file.bin" > "$DIR"/trigger_request;
If run with the "sleep 2 &" it terminates after 2 seconds
If the sleep is commented it runs for the expected 10 seconds (the
firmware loading timeout)
Since the sleep process is a child of the script process requesting a
firmware load its death causes a SIGCHLD causing request_firmware() to
abort prematurely.
Martin
Powered by blists - more mailing lists