lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20201104201323.dzyt73tbd2jykcrt@function>
Date:   Wed, 4 Nov 2020 21:13:23 +0100
From:   Samuel Thibault <samuel.thibault@...-lyon.org>
To:     Matthias Reichl <hias@...us.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jirislaby@...nel.org>, speakup@...ux-speakup.org,
        linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Crash when specifying non-existent serial port in speakup /
 tty_kopen

Hello,

Matthias Reichl, le mer. 04 nov. 2020 15:57:37 +0100, a ecrit:
> I initially noticed this oops on x86_64 running kernel 5.4.59 when
> I accidentally mistyped "ttyS0" as "ttyS9":
> 
> modprobe speakup_dummy dev=ttyS9

> [   49.978481] tty_init_dev: ttyS driver does not set tty->port. This would crash the kernel. Fix the driver!

This looks like only a warning, did it actually crash?

> the missing tty->port is quite fatal.

It is fatal for module insertion yes (EINVAL) but IIRC that should be
getting handled properly, making modprobe return the error?

> It looks like spk_ttyio or tty_dev_name_to_number() / tty_kopen()
> should perform some additional validation,

spk_ttyio_initialise_ldisc only has a dev_t so can't do much beyond
calling tty_kopen.

tty_kopen is getting the index from the tty_lookup_driver call (actually
get_tty_driver which uses p->minor_start and p->num) and passes it to
tty_driver_lookup_tty. Perhaps in addition of p->num the driver should
have another field to set, that tty_init_dev could use to reject with
ENODEV indexes beyond what the driver actually provides?

> I couldn't make the kernel warn/crash yet by specifying non-existent
> ttyUSB ports yet though.

That's probably because in the ttyUSB case the device allocation is
dynamic and made exactly according to the number of actual devices,
while for ttyS* there is a large overcommit of minor values.

Samuel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ