Re: [PATCH 4/4] [RFC] staging/net: move AF_X25 into drivers/staging

From: Martin Schiller
Date: Tue Dec 10 2019 - 03:59:38 EST


On 2019-12-09 20:26, Arnd Bergmann wrote:
On Mon, Dec 9, 2019 at 7:29 PM David Miller <davem@xxxxxxxxxxxxx> wrote:

From: Arnd Bergmann <arnd@xxxxxxxx>
Date: Mon, 9 Dec 2019 16:12:56 +0100

> syzbot keeps finding issues in the X.25 implementation that nobody is
> interested in fixing. Given that all the x25 patches of the past years
> that are not global cleanups tend to fix user-triggered oopses, is it
> time to just retire the subsystem?

I have a bug fix that I'm currently applying to 'net' right now actually:

https://patchwork.ozlabs.org/patch/1205973/

So your proposal might be a bit premature.

Ok, makes sense. Looking back in the history, I also see other bugfixes
from the same author.

Adding Martin Schiller to Cc: for a few questions:

- What hardware are you using for X.25?

I would say that X.25 is (at least in Germany) not dead yet. For example, it is
still used in the railway network of the Deutsche Bahn AG in many different
areas. [1]

We deliver products for this and use the Linux X.25 stack with some bugfixes
and extensions that I would like to get upstream.

As hardware/interfaces we use X.21bis/G.703 adapters, which are connected via
HDLC_X25 and LAPB. Also for this there are extensions and bugfixes, which I
would like to include in the kernel.

- Would you be available to be listed in the MAINTAINERS file
as a contact for net/x25?

Yes, you can add me to the MAINTAINERS file.
I have only limited time, but I will try to follow all requests concerning this
subsystem.

- Does your bug fix address the latest issue found by syzbot[1],
or do you have an idea to fix it if not?

I don't have a direct solution for the concrete problem mentioned above, but at
first sight I would say that the commit 95d6ebd53c79 ("net/x25: fix
use-after-free in x25_device_event()") holds the wrong lock (&x25_list_lock).
Shouldn't this be the lock &x25_neigh_list_lock as in x25_get_neigh(), where
x25_neigh_hold() is called?


Arnd

[1]
https://lore.kernel.org/netdev/CAK8P3a0LdF+aQ1hnZrVKkNBQaum0WqW1jyR7_Eb+JRiwyHWr6Q@xxxxxxxxxxxxxx/