| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Jan 2013 13:27:07 +0100 From: Bjørn Mork <bjorn@...k.no> To: Oliver Neukum <oliver@...kum.org> Cc: linux-usb@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH net] net: usbnet: prevent buggy devices from killing us Oliver Neukum <oliver@...kum.org> writes: > On Friday 25 January 2013 08:13:15 Bjørn Mork wrote: >> Oliver Neukum <oliver@...kum.org> writes: >> > On Thursday 24 January 2013 20:16:56 Bjørn Mork wrote: >> >> A device sending 0 length frames as fast as it can has been >> >> observed killing the host system due to the resulting memory >> >> pressure. >> >> >> >> Temporarily disable RX skb allocation and URB submission when >> >> the current error ratio is high, preventing us from trying to >> >> allocate an infinite number of skbs. Reenable as soon as we >> >> are finished processing the done queue, allowing the device >> >> to continue working after short error bursts. >> >> >> >> Signed-off-by: Bjørn Mork <bjorn@...k.no> >> >> --- >> >> So is this starting to look OK? >> > >> > It seems to me that we at least need to try some error recovery. >> >> Won't the disabling code in usbnet_bh do? RX will only stay disabled >> until the done queue is handled. > > So will the burst of bogus packets stop by itself? No, in the case I am looking at it won't. So we end up switching this off/on endlessly. But I believe that is fine. There is no way we can *know* that the errors won't stop unless we start receiving packets again. Other devices may have similar temporary bugs, making them start working again after a while. If we permanently disable RX then we will just make any such device fail for no good reason. My only wish for this patch is that it makes usbnet survive the buggy device without bringing the host down. Not magically fix the device (of course impossible), or even hide the bug in any way. A non-functional device will still appear as a non-functional device. Manual user intervention is required to make it work. This might involve a firmware upgrade for all we know... >> > How about resetting the device when it is no longer used? >> >> Yes, that we should do. I guess usbnet_open is the place to reset the >> flag and counters? I'll send another version taking care of this and >> Joes comment. > > I was thinking about resetting the device, not just counters. What's the point? We only risk making the issue worse if some device has a similar temporary bug, fixing itself a while after reset. I think we should leave any such actions to the user. > But yes, open() needs to reset the counters, too. OK, will add that. Bjørn -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists