Message-ID: <1489420001.28631.87.camel@edumazet-glaptop3.roam.corp.google.com>
Date:   Mon, 13 Mar 2017 08:46:41 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Petr Vorel <petr.vorel@...il.com>
Cc:     netdev@...r.kernel.org, hayeswang@...ltek.com, davem@...emloft.net
Subject: Re: [PATCH 1/1] r8152: fix NULL pointer dereference in r8152_poll

On Mon, 2017-03-13 at 08:44 -0700, Eric Dumazet wrote:
> On Mon, 2017-03-13 at 16:37 +0100, Petr Vorel wrote:
> > Hi Eric,
> > 
> > > > The proper work around is to enclose the napi_schedule() in a
> > > > local_bh_enable()/local_bh_disable() pair.
> > 
> > > Something like:
> > > --- a/drivers/net/usb/r8152.c
> > > +++ b/drivers/net/usb/r8152.c
> > > @@ -3703,8 +3703,10 @@ static int rtl8152_resume(struct usb_interface *intf)
> > >  			napi_enable(&tp->napi);
> > >  			clear_bit(SELECTIVE_SUSPEND, &tp->flags);
> > >  			smp_mb__after_atomic();
> > > +			local_bh_disable();
> > >  			if (!list_empty(&tp->rx_done))
> > >  				napi_schedule(&tp->napi);
> > > +			local_bh_enable();
> > 
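
Review bot: the local_bh_disable()/local_bh_enable() pair in rtl8152_resume() protects only this one napi_schedule() call, while the follow-up in this thread names rtl_work_func_t() and rtl8152_post_reset() as other napi_schedule() callers that need the same treatment. Consider a small helper that does the disable, the list_empty(&tp->rx_done) check, the schedule and the enable, and use it at every process-context call site so they cannot drift apart. A short comment above local_bh_disable() stating why bottom halves are disabled around the schedule would also help, since, as noted in the reply, nothing else in r8152.c uses this pattern.
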
> > Unfortunately this doesn't work. Code in r8152.c doesn't use
> > local_bh_enable()/local_bh_disable(). I tried to lock it with
> > spin_lock_bh()/spin_unlock_bh() and with mutex_lock()/mutex_unlock()
> > but neither works.
> 
> The local_bh_disable() / local_bh_enable() definitely is the right
> answer to the issue you described.
> 
> It does not matter what code in r8152.c currently does.
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=8cf699ec849f4ca1413cea01289bd7d37dbcc626


You also have to protect other napi_schedule() calls, like the ones in
rtl_work_func_t() or rtl8152_post_reset().



