Re: [linux-usb-devel] Re: [BUG] oops while completing async USB via usbdevio

From: Harald Welte
Date: Mon Jun 06 2005 - 11:08:31 EST


On Wed, Jun 01, 2005 at 12:12:58AM +0200, Harald Welte wrote:

> > > Wouldn't it help to associate the URB with the file (instaed of the
> > > task), and then send the signal to any task that still has opened the
> > > file? I'm willing to hack up a patch, if this is considered a sane fix.
> >
> > Sounds reasonable, except that not all such tasks will want the signal.
> > Though I guess the infrastructure to filter the signal out already exists,
> > so the main missing piece is that urb-to-file binding.
>
> Ok, I'll get something coded shortly.

Unfortunately this approach is not feasible, since there is no 'reverse
mapping' from a file to a process. So for every URB delivery, we would
have to walk that task_list and check which tasks have opened this file.

So what do we do now?

A reimplementation of async URB handling (probably use the AIO code)
from userspace is a significant amount of work.

Meanwhile, this bug allows any regular non-root userspace program with
access to a single USB device to oops the kernel, so a short-term fix is
definitely required for security reasons.

--
- Harald Welte <laforge@xxxxxxxxxxxx> http://gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)

Attachment: pgp00000.pgp
Description: PGP signature