lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080923063407.GB23815@pingi.kke.suse.de>
Date:	Tue, 23 Sep 2008 08:34:07 +0200
From:	Karsten Keil <kkeil@...e.de>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	David Miller <davem@...emloft.net>, akpm@...ux-foundation.org,
	kkeil@...e.de, netdev@...r.kernel.org, ak@...ux.intel.com
Subject: Re: [patch 4/4] mISDN: misc timerdev fixes

On Tue, Sep 23, 2008 at 04:27:32AM +0200, Andi Kleen wrote:
> On Mon, Sep 22, 2008 at 07:18:26PM -0700, David Miller wrote:
> > From: akpm@...ux-foundation.org
> > Date: Mon, 22 Sep 2008 14:51:03 -0700
> > 
> > > - Remove noop VFS stubs. The VFS does that on a NULL pointer anyways.
> > > - Fix timer handler prototype to be correct
> > > - Comment ugly SMP race I didn't fix.
> > > 
> > > Signed-off-by: Andi Kleen <ak@...ux.intel.com>
> > > Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> > 
> > Applied to net-next-2.6
> 
> I'm hoping someone takes care of the SMP race. I think the timers
> need all reference counting similar to other network objects to
> handle this cleanly.

Yes I already have some idea without refcounting, checking how much time is left
if it is more as some treshhold (maybe 2 or 10 jiffies) delete the timer,
if not mark it for deletion only and delete it during the run function without
triggering the device. In the race case it would trigger the device too but
this is not critical.
Another easier implementation could mark it only, without trying to delete
it imediately. But in this case unneeded timers would hang around (on big busy PBX
boxes this can be some 100) for some time.

What do you think ?

> 
> It might be a good idea to mark it BROKEN_ON_SMP in the meantime.

No really needed, normally the timers deleted long time before running out
or never so it should never see such a race, maybe if the application is
aborted and cleanup all timers this could happen but also this should be no
normal case, since usually you do not kill a PBX if any connections are
active.
Yes it could be used to do some deny on service kind of attack, so it should
be fixed at all.


-- 
Karsten Keil
SuSE Labs
ISDN and VOIP development
SUSE LINUX Products GmbH, Maxfeldstr.5 90409 Nuernberg, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ