| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 04 May 2017 11:21:50 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: vkuznets@...hat.com
Cc: xen-devel@...ts.xenproject.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, boris.ostrovsky@...cle.com,
jgross@...e.com
Subject: Re: [PATCH] xen-netfront: avoid crashing on resume after a failure
in talk_to_netback()
From: Vitaly Kuznetsov <vkuznets@...hat.com>
Date: Thu, 4 May 2017 14:23:04 +0200
> Unavoidable crashes in netfront_resume() and netback_changed() after a
> previous fail in talk_to_netback() (e.g. when we fail to read MAC from
> xenstore) were discovered. The failure path in talk_to_netback() does
> unregister/free for netdev but we don't reset drvdata and we try accessing
> it again after resume.
>
> Reset drvdata in netback_changed() the same way we reset it in
> netfront_probe() and check for NULL in both netfront_resume() and
> netback_changed() to properly handle the situation.
>
> Signed-off-by: Vitaly Kuznetsov <vkuznets@...hat.com>
The circumstances under which netfront_probe() NULLs out the device
private is different than what you propose here, which is to do it
on a live device in netback_changed() whilst mutliple susbsytems
have a reference to this device and can call into the driver still.
It is only legal to do this in the probe function because such
references and execution possibilities do not exist at that point.
What really needs to happen is that the xenbus_driver must be told to
unregister this xen device and stop making calls into the driver for
it before you release the netdev state.
That is the only reasonable way to fix this bug.
Thanks.
Powered by blists - more mailing lists