lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Oct 2008 17:55:14 +0200 (CEST) From: Thomas Gleixner <tglx@...utronix.de> To: Arjan van de Ven <arjan@...ux.intel.com> cc: Jesse Brandeburg <jesse.brandeburg@...il.com>, Jiri Kosina <jkosina@...e.cz>, Jesse Barnes <jbarnes@...tuousgeek.org>, David Miller <davem@...emloft.net>, jesse.brandeburg@...el.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, kkeil@...e.de, agospoda@...hat.com, david.graham@...el.com, bruce.w.allan@...el.com, john.ronciak@...el.com, chris.jones@...onical.com, tim.gardner@...onical.com, airlied@...il.com, Olaf Kirch <okir@...e.de>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote: On Sun, 5 Oct 2008, Arjan van de Ven wrote: > Thomas Gleixner wrote: > > On Sat, 4 Oct 2008, Jesse Brandeburg wrote: > > > > Exactly. The access to a ro region results in a fault. I have nowhere > > > > seen that trigger, but I can reproduce the trylock() WARN_ON, which > > > > confirms that there is concurrent access to the NVRAM registers. The > > > > backtrace pattern is similar to the one you have seen. > > > are you still getting WARN_ON *with* all the mutex based fixes already > > > applied? > > > > The WARN_ON triggers with current mainline. Is there any fixlet in > > Linus tree missing ? > > > > > with the mutex patches in place (without protection patch) we are > > > still reproducing the issue, until we apply the set_memory_ro patch. > > > > That does not make sense to me. If the memory_ro patch is providing > > _real_ protection then you _must_ run into an access violation. If not, > > then the patch just papers over the real problem in some mysterious > > way. > > > > not if the bad code is doing copy_to_user .... (or similar) You mean: copy_from_user :) This would require that the e1000e nvram region is writable via copy_from_user by an e1000e user space interface. A quick grep does not reviel such a horrible interface. Thanks, tglx -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists