| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Oct 2007 20:00:32 +0200
From: Roel Kluin <12o3l@...cali.nl>
To: netdev@...r.kernel.org
Subject: [PATCH 4] Unlock before BUG, but preserve normal operation
I am a bit uncertain about this, so if you have comments on this, it is much
appreciated.
The rationale:
in the default case the BUG() kills the current process, but with the lock
still held this causes the system to hang; therefore the unlock before the
BUG().
When CONFIG_BUG is disabled - e.g. for embedded systems - the BUG(); will
not kill the process and there should not be a double unlock in that case.
--
Unlock before BUG(), but preserve normal operation in the case that
CONFIG_BUG is disabled.
Signed-off-by: Roel Kluin <12o3l@...cali.nl>
---
diff --git a/drivers/net/wireless/ipw2200.c b/drivers/net/wireless/ipw2200.c
index e3c8284..f337578 100644
--- a/drivers/net/wireless/ipw2200.c
+++ b/drivers/net/wireless/ipw2200.c
@@ -8722,7 +8722,9 @@ static int ipw_wx_get_freq(struct net_device *dev,
break;
default:
+ mutex_unlock(&priv->mutex);
BUG();
+ return -EINVAL;
}
} else
wrqu->freq.m = 0;
diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c
index 657ee69..e551b0b 100644
--- a/net/rxrpc/ar-ack.c
+++ b/net/rxrpc/ar-ack.c
@@ -752,8 +752,11 @@ all_acked:
sp->call = call;
rxrpc_get_call(call);
spin_lock_bh(&call->lock);
- if (rxrpc_queue_rcv_skb(call, skb, true, true) < 0)
+ if (rxrpc_queue_rcv_skb(call, skb, true, true) < 0) {
+ spin_unlock_bh(&call->lock);
BUG();
+ goto process_further;
+ }
spin_unlock_bh(&call->lock);
goto process_further;
}
diff --git a/net/rxrpc/ar-call.c b/net/rxrpc/ar-call.c
index 3c04b00..48804e1 100644
--- a/net/rxrpc/ar-call.c
+++ b/net/rxrpc/ar-call.c
@@ -426,9 +426,12 @@ void rxrpc_release_call(struct rxrpc_call *call)
call->rx_first_oos);
spin_lock_bh(&call->lock);
- if (test_and_set_bit(RXRPC_CALL_RELEASED, &call->flags))
+ if (test_and_set_bit(RXRPC_CALL_RELEASED, &call->flags)) {
+ spin_unlock_bh(&call->lock);
BUG();
- spin_unlock_bh(&call->lock);
+ } else {
+ spin_unlock_bh(&call->lock);
+ }
/* dissociate from the socket
* - the socket's ref on the call is passed to the death timer
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists