lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <OF33DF005A.0C447DF0-ON802576DD.00538FB8-802576DD.00552375@smsc.com>
Date:	Fri, 5 Mar 2010 15:29:41 +0000
From:	Steve.Glendinning@...c.com
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH] Fix netdev_printk null dereference

David Miller <davem@...emloft.net> wrote on 05/03/2010 14:39:09:

> From: Steve Glendinning <steve.glendinning@...c.com>
> Date: Fri,  5 Mar 2010 12:47:05 +0000
> 
> > This patch fixes a reproducible null dereference in smsc95xx (and I
> > suspect others) when the device is removed during a control register
> > access.  This can be reproduced by rapidly plugging and unplugging
> > the device during its initialisation.
> > 
> > Signed-off-by: Steve Glendinning <steve.glendinning@...c.com>
> 
> The parent shouldn't become NULL until the device is totally quiesced
> and is no longer accesses.

The failure I'm seeing is caused when the usb device is disconnected.
smsc95xx detects that a pending USB control operation failed
and tries to print a message via netdev_printk to report this.

Unfortunately, something else (the USB subsystem?) has already set
parent to null at this time so the netdev_printk causes a null 
dereference.

So netdev_printk suddenly changes from safe to use to unsafe to use?

I could change all instances in smsc95xx to defensively check this
at each call, but what should I test to see if the device is still
valid?  Is testing parent != null the correct thing to do?

I think other usbnet drivers may have the same problem, but I don't have
any hardware to test them.

> Maybe you can instead fix the smsc95xx driver to abide by this rule
> instead of adding a conditional check to thousands of other drivers in
> the tree that do not need this?

I agree it'd be better to avoid this check where it's unnecessary, but
if netdev_printk isn't necessarily safe to call for *removable* interfaces
then shouldn't all such callers be checking that it's safe to do so?

Steve
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ