lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 3 May 2011 09:53:44 +0200
From:	Oliver Neukum <oneukum@...e.de>
To:	David Miller <davem@...emloft.net>
Cc:	tom.leiming@...il.com, netdev@...r.kernel.org,
	linux-usb@...r.kernel.org
Subject: Re: [PATCH] usbnet: runtime pm: fix out of memory

Am Dienstag, 3. Mai 2011, 00:52:14 schrieb David Miller:
> From: tom.leiming@...il.com
> Date: Fri, 29 Apr 2011 16:37:09 +0800
> 
> > From: Ming Lei <tom.leiming@...il.com>
> > 
> > This patch makes use of the EVENT_DEV_OPEN flag introduced recently to
> > fix one out of memory issue, which can be reproduced on omap3/4 based
> > pandaboard/beagle XM easily with steps below:
>  ...
> 
> Oliver please review this patch.  Thanks!
> 
> >       - enable runtime pm
> >       echo auto > /sys/devices/platform/usbhs-omap.0/ehci-omap.0/usb1/1-1/1-1.1/power/control
> > 
> >       - ifconfig eth0 up
> > 
> >       - then out of memroy happened, see [1] for kernel message.
> > 
> > Follows my analysis:
> >       - 'ifconfig eth0 up' brings eth0 out of suspend, and usbnet_resume
> >       is called to schedule dev->bh, then rx urbs are submited to prepare for
> >       recieving data;
> > 
> >       - some usbnet devices will produce garbage rx packets flood if
> >       info->reset is not called in usbnet_open.
> > 
> >       - so there is no enough chances for usbnet_bh to handle and release
> >       recieved skb buffers since many rx interrupts consumes cpu, so out of memory
> >       for atomic allocation in rx_submit happened.
> > 
> > This patch fixes the issue by simply not allowing schedule of usbnet_bh until device
> > is opened.

Do the devices in question use cdc_ether?
The problem I see with this patch is that cdc_ether uses .reset_resume = usbnet_resume
Therefore the device will not have been reset from the viewpoint of the device, yet
the device may be open, so the bug would strike again.

It seems to me that this patch is not wrong as such, but incomplete.

	Regards
		Oliver

-- 
- - - 
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) 
Maxfeldstraße 5                         
90409 Nürnberg 
Germany 
- - - 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ