NetBSD Problem Report #44369

From Wolfgang.Stukenbrock@nagler-company.com  Tue Jan 11 10:05:12 2011
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 999B463B89A
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 11 Jan 2011 10:05:12 +0000 (UTC)
Message-Id: <20110111100502.3B9491E80CE@test-s0.nagler-company.com>
Date: Tue, 11 Jan 2011 11:05:02 +0100 (CET)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: raw_usrreq() may fail to release kernel lock
X-Send-Pr-Version: 3.95

>Number:         44369
>Category:       kern
>Synopsis:       raw_usrreq() may fail to release kernel lock
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 11 10:10:00 +0000 2011
>Closed-Date:    Tue Jan 11 10:53:13 +0000 2011
>Last-Modified:  Sun Jan 16 13:05:12 +0000 2011
>Originator:     Dr. Wolfgang Stueknbrock
>Release:        NetBSD 5.1
>Organization:
Dr. Nagler & Company GmbH
>Environment:


System: NetBSD test-s0 4.0 NetBSD 4.0 (NSW-WS) #0: Tue Aug 17 17:28:09 CEST 2010 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
	In the routine raw_usrreq() in /usr/src/sys/net/raw_usrreq.c a kernel lock is acquired,
	but in case of PRU_SENSE it is not released again!
	Due to the fact that the last change to this file in the cvs-rep is 2009, all actual
	NetBSD versions may be affected.
>How-To-Repeat:
	Found while searching for a deadlock in the kernel that seems to be related to the KERNEL_LOCK
>Fix:
	The following patch will solve the problem:
--- raw_usrreq.c        2011/01/11 09:58:39     1.1
+++ raw_usrreq.c        2011/01/11 09:59:59
@@ -276,7 +276,8 @@
                /*
                 * stat: don't bother with a blocksize.
                 */
-               return (0);
+               error = 0;
+               break;

        /*
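
Review bot: Replacing "return (0);" with "error = 0; break;" at the end of the stat case only closes the leak if the code after the switch releases the kernel lock and then returns error, and neither is visible in this hunk. Confirm that against the full function, and audit the remaining cases of the same switch for any other direct return that would skip the unlock in the same way. Extending the existing comment in this case to say that cases must leave via break so the lock is dropped would help keep the early return from being reintroduced.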

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: pooka@NetBSD.org
State-Changed-When: Tue, 11 Jan 2011 12:53:13 +0200
State-Changed-Why:
patch applied.  thanks!


From: "Antti Kantee" <pooka@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44369 CVS commit: src/tests/net
Date: Tue, 11 Jan 2011 10:51:46 +0000

 Module Name:	src
 Committed By:	pooka
 Date:		Tue Jan 11 10:51:45 UTC 2011

 Modified Files:
 	src/tests/net: Makefile
 Added Files:
 	src/tests/net/net: Makefile t_raw.c

 Log Message:
 add test for PR kern/44369


 To generate a diff of this commit:
 cvs rdiff -u -r1.7 -r1.8 src/tests/net/Makefile
 cvs rdiff -u -r0 -r1.1 src/tests/net/net/Makefile src/tests/net/net/t_raw.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Antti Kantee" <pooka@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44369 CVS commit: src/sys/net
Date: Tue, 11 Jan 2011 10:52:43 +0000

 Module Name:	src
 Committed By:	pooka
 Date:		Tue Jan 11 10:52:42 UTC 2011

 Modified Files:
 	src/sys/net: raw_usrreq.c

 Log Message:
 Apply patch from PR kern/44369 by Wolfgang Stukenbrock.


 To generate a diff of this commit:
 cvs rdiff -u -r1.35 -r1.36 src/sys/net/raw_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Manuel Bouyer <bouyer@antioche.eu.org>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, netbsd-bugs@NetBSD.org, gnats-admin@NetBSD.org,
        pooka@NetBSD.org, Wolfgang.Stukenbrock@nagler-company.com
Subject: Re: kern/44369 (raw_usrreq() may fail to release kernel lock)
Date: Wed, 12 Jan 2011 19:27:56 +0100

 On Tue, Jan 11, 2011 at 10:53:14AM +0000, pooka@NetBSD.org wrote:
 > Synopsis: raw_usrreq() may fail to release kernel lock
 > 
 > State-Changed-From-To: open->closed
 > State-Changed-By: pooka@NetBSD.org
 > State-Changed-When: Tue, 11 Jan 2011 12:53:13 +0200
 > State-Changed-Why:
 > patch applied.  thanks!

 Hi,
 did you check if netbsd-4 or netbsd-5 is affected ?
 if so, please send pullup requests.

 -- 
 Manuel Bouyer <bouyer@antioche.eu.org>
      NetBSD: 26 years of experience will always make the difference
 --

From: Antti Kantee <pooka@NetBSD.org>
To: Manuel Bouyer <bouyer@antioche.eu.org>
Cc: gnats-bugs@NetBSD.org, kern-bug-people@NetBSD.org,
	netbsd-bugs@NetBSD.org, gnats-admin@NetBSD.org,
	Wolfgang.Stukenbrock@nagler-company.com
Subject: Re: kern/44369 (raw_usrreq() may fail to release kernel lock)
Date: Thu, 13 Jan 2011 19:31:29 +0200

 On Wed Jan 12 2011 at 19:27:56 +0100, Manuel Bouyer wrote:
 > On Tue, Jan 11, 2011 at 10:53:14AM +0000, pooka@NetBSD.org wrote:
 > > Synopsis: raw_usrreq() may fail to release kernel lock
 > > 
 > > State-Changed-From-To: open->closed
 > > State-Changed-By: pooka@NetBSD.org
 > > State-Changed-When: Tue, 11 Jan 2011 12:53:13 +0200
 > > State-Changed-Why:
 > > patch applied.  thanks!
 > 
 > Hi,
 > did you check if netbsd-4 or netbsd-5 is affected ?
 > if so, please send pullup requests.

 I checked netbsd-5 now and issued a pullup.  I didn't bother with
 netbsd-4, since yesterday when we analyzed the problem with kefren we
 couldn't find any critical issues: the kernel lock is fully dropped
 always when a lock holder blocks, so biglock leak has effect only
 when a thread which made a PRU_SENSE call is running.  Additionally,
 the lock level is reset to 0 when an lwp exits (at least currently).
 So while in theory an attacker could use PRU_SENSE from multiple lwps
 and busyloop all of them, there must be easier ways to DoS a system.

 -- 
 älä karot toivorikkauttas, kyl rätei ja lumpui piisaa
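
An added illustration, not part of this thread or of the NetBSD source: a user-space C model of the leak discussed above, where a return inside the switch skips the unlock at the bottom of the function and leaves one hold behind per call. The recursive lock counter, the request names and the function names are hypothetical simplifications.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified model (assumption): a recursive big lock whose hold
 * count is tracked per lwp. All names here are hypothetical. */
struct lwp_model { int biglock_depth; };
enum req { REQ_SENSE, REQ_OTHER };	/* stand-ins for PRU_* requests */

static void klock(struct lwp_model *l)   { l->biglock_depth++; }
static void kunlock(struct lwp_model *l) { l->biglock_depth--; }

/* fixed == 0: pre-patch shape, the stat case returns inside the switch.
 * fixed == 1: post-patch shape, it sets error and breaks to the unlock. */
static int usrreq_model(struct lwp_model *l, enum req r, int fixed)
{
	int error;

	klock(l);
	switch (r) {
	case REQ_SENSE:
		if (!fixed)
			return (0);	/* skips kunlock(): one hold leaks */
		error = 0;
		break;
	default:
		error = EOPNOTSUPP;
		break;
	}
	kunlock(l);
	return (error);
}

/* Hold count left on one lwp after `calls` requests of kind r;
 * a balanced function always leaves 0. */
static int leaked_depth(enum req r, int fixed, int calls)
{
	struct lwp_model l = { 0 };

	for (int i = 0; i < calls; i++)
		(void)usrreq_model(&l, r, fixed);
	return l.biglock_depth;
}

int main(void)
{
	printf("pre-patch,  3 stat calls: depth %d\n", leaked_depth(REQ_SENSE, 0, 3));
	printf("post-patch, 3 stat calls: depth %d\n", leaked_depth(REQ_SENSE, 1, 3));
	printf("pre-patch,  3 other calls: depth %d\n", leaked_depth(REQ_OTHER, 0, 3));
	return 0;
}
```

Comparing the hold count on return with the count on entry, as leaked_depth() does, is the kind of invariant a debug build can assert at the request boundary to catch this class of bug.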

From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44369 CVS commit: [netbsd-5] src/sys/net
Date: Sun, 16 Jan 2011 13:04:33 +0000

 Module Name:	src
 Committed By:	bouyer
 Date:		Sun Jan 16 13:04:33 UTC 2011

 Modified Files:
 	src/sys/net [netbsd-5]: raw_usrreq.c

 Log Message:
 Pull up following revision(s) (requested by pooka in ticket #1529):
 	sys/net/raw_usrreq.c: revision 1.36
 Apply patch from PR kern/44369 by Wolfgang Stukenbrock.


 To generate a diff of this commit:
 cvs rdiff -u -r1.35 -r1.35.8.1 src/sys/net/raw_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44369 CVS commit: [netbsd-5-1] src/sys/net
Date: Sun, 16 Jan 2011 13:04:46 +0000

 Module Name:	src
 Committed By:	bouyer
 Date:		Sun Jan 16 13:04:45 UTC 2011

 Modified Files:
 	src/sys/net [netbsd-5-1]: raw_usrreq.c

 Log Message:
 Pull up following revision(s) (requested by pooka in ticket #1529):
 	sys/net/raw_usrreq.c: revision 1.36
 Apply patch from PR kern/44369 by Wolfgang Stukenbrock.


 To generate a diff of this commit:
 cvs rdiff -u -r1.35 -r1.35.22.1 src/sys/net/raw_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44369 CVS commit: [netbsd-5-0] src/sys/net
Date: Sun, 16 Jan 2011 13:04:51 +0000

 Module Name:	src
 Committed By:	bouyer
 Date:		Sun Jan 16 13:04:51 UTC 2011

 Modified Files:
 	src/sys/net [netbsd-5-0]: raw_usrreq.c

 Log Message:
 Pull up following revision(s) (requested by pooka in ticket #1529):
 	sys/net/raw_usrreq.c: revision 1.36
 Apply patch from PR kern/44369 by Wolfgang Stukenbrock.


 To generate a diff of this commit:
 cvs rdiff -u -r1.35 -r1.35.14.1 src/sys/net/raw_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
