NetBSD-Bugs archive


Re: kern/44369 (raw_usrreq() may fail to release kernel lock)



The following reply was made to PR kern/44369; it has been noted by GNATS.

From: Antti Kantee <pooka%NetBSD.org@localhost>
To: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, kern-bug-people%NetBSD.org@localhost,
        netbsd-bugs%NetBSD.org@localhost, gnats-admin%NetBSD.org@localhost,
        Wolfgang.Stukenbrock%nagler-company.com@localhost
Subject: Re: kern/44369 (raw_usrreq() may fail to release kernel lock)
Date: Thu, 13 Jan 2011 19:31:29 +0200

 On Wed Jan 12 2011 at 19:27:56 +0100, Manuel Bouyer wrote:
 > On Tue, Jan 11, 2011 at 10:53:14AM +0000, pooka%NetBSD.org@localhost wrote:
 > > Synopsis: raw_usrreq() may fail to release kernel lock
 > > 
 > > State-Changed-From-To: open->closed
 > > State-Changed-By: pooka%NetBSD.org@localhost
 > > State-Changed-When: Tue, 11 Jan 2011 12:53:13 +0200
 > > State-Changed-Why:
 > > patch applied.  thanks!
 > 
 > Hi,
 > did you check if netbsd-4 or netbsd-5 is affected ?
 > if so, please send pullup requests.
 
 I checked netbsd-5 now and issued a pullup.  I didn't bother with
 netbsd-4, since yesterday when we analyzed the problem with kefren we
 couldn't find any critical issues: the kernel lock is fully dropped
 always when a lock holder blocks, so biglock leak has effect only when
 a thread which made a PRU_SENSE call is running.  Additionally,
 the lock level is reset to 0 when an lwp exists (at least currently).
 So while in theory an attacker could use PRU_SENSE from multiple lwps
 and busyloop all of them, there must be easier ways to DoS a system.
 
 -- 
 älä karot toivorikkauttas, kyl rätei ja lumpui piisaa
 

