Searched hist:"9b077d72bcc313baea2b9283afc7f568739eaadc" (Results 1 – 4 of 4) sorted by relevance
/freebsd/sys/dev/usb/ |
usb_dev.h | diff 9b077d72bcc313baea2b9283afc7f568739eaadc Fri Mar 31 19:14:18 CEST 2023 Hans Petter Selasky <hselasky@FreeBSD.org> usb(4): Separate the fast path and the slow path to avoid races and use-after-free for the USB FS interface.
Badly behaving user-space USB applications may crash the kernel by issuing USB FS related ioctl(2)'s out of their expected order. By default the USB FS ioctl(2) interface is only available to the administrator, root, and driver applications like webcamd(8) need to be hijacked in order for this to happen.
The issue is the fast-path code does not always see updates made by the slow-path code, and may then work on freed memory.
This is easily fixed by using an EPOCH(9) type of synchronization mechanism. A SX(9) lock will be used as a substitute for EPOCH(9), due to the need for sleepability. In addition most calls going into the fast-path originate from a single user-space process and the need for multi-thread performance is not present.
Differential Revision: https://reviews.freebsd.org/D39373
Reviewed by: markj@
Reported by: C Turt <ecturt@gmail.com>
admbugs: 994
MFC after: 1 week
Sponsored by: NVIDIA Networking
|
usb_generic.c | diff 9b077d72bcc313baea2b9283afc7f568739eaadc Fri Mar 31 19:14:18 CEST 2023 Hans Petter Selasky <hselasky@FreeBSD.org> usb(4): Separate the fast path and the slow path to avoid races and use-after-free for the USB FS interface.
|
usb_dev.c | diff 9b077d72bcc313baea2b9283afc7f568739eaadc Fri Mar 31 19:14:18 CEST 2023 Hans Petter Selasky <hselasky@FreeBSD.org> usb(4): Separate the fast path and the slow path to avoid races and use-after-free for the USB FS interface.
|
usb_device.c | diff 9b077d72bcc313baea2b9283afc7f568739eaadc Fri Mar 31 19:14:18 CEST 2023 Hans Petter Selasky <hselasky@FreeBSD.org> usb(4): Separate the fast path and the slow path to avoid races and use-after-free for the USB FS interface.
|