kernel: remove problematic pend() assertion #23000

Merged


andrewboie
Contributor

This assertion, if built in, allows user threads to crash
the kernel in a critical section by passing a negative timeout
value, creating a DoS attack vector.

Remove this assertion; immediately below it there's a check
which just resets it to 0 anyway.

Fixes: #22999

Signed-off-by: Andrew Boie [email protected]

@andrewboie added the "bug" and "priority: medium" labels Feb 21, 2020
@andrewboie added this to the v2.2.0 milestone Feb 21, 2020
@nordic-krch
Contributor

nordic-krch commented Feb 21, 2020

Note that there is a kind of precedence in this case. If the user provides an invalid value (the API states that it must be non-negative or K_FOREVER) then the value is fixed. It was added only temporarily, together with the assert to detect misuse. Temporarily because the timers rework was about to progress (and it does not so far) and switch to unsigned values in the near future. I know it's release time but if unsigned timeouts are not coming shortly then maybe it should return -EINVAL if a wrong value is provided?

@andrewboie
Contributor Author

> I know it's release time but if unsigned timeouts are not coming shortly then maybe it should return -EINVAL if wrong value is provided?

We're at release time, and the code already clamps non-K_FOREVER timeout values at 0 and above anyway.
If you want to work on this further, do it in 2.3.

@andrewboie merged commit 896e32b into zephyrproject-rtos:master Feb 21, 2020
@andrewboie deleted the pend-security-issue branch September 24, 2020 20:47
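
The three behaviours discussed in this thread (assert on the timeout, clamp it, or return -EINVAL), as a self-contained C model added here for illustration; it is not Zephyr's code. `model_kernel`, `model_pend`, `model_blocking_call`, `MODEL_FOREVER` and `MODEL_HALTED` are hypothetical names, and the sentinel value -1 is an assumption.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

#define MODEL_FOREVER (-1) /* assumed sentinel standing in for K_FOREVER */
#define MODEL_HALTED  1    /* model-only return code: an assertion fired */

enum policy { POLICY_ASSERT, POLICY_CLAMP, POLICY_REJECT };

struct model_kernel {
    bool lock_held;        /* models the kernel critical section */
    bool halted_locked;    /* an assertion fired while the lock was held */
    int32_t armed_ms;      /* timeout armed for the pending thread */
};

/* Models the timeout handling in pend(); the caller already holds the lock. */
static int model_pend(struct model_kernel *k, int32_t timeout_ms, enum policy p)
{
    if (timeout_ms != MODEL_FOREVER && timeout_ms < 0) {
        if (p == POLICY_ASSERT) {          /* assertion on caller-supplied data */
            k->halted_locked = k->lock_held;
            return MODEL_HALTED;           /* a real kernel would stop here */
        }
        timeout_ms = 0;                    /* clamp: the check that stays */
    }
    k->armed_ms = timeout_ms;
    return 0;
}

/* Models a blocking call that a user thread can reach with any timeout. */
int model_blocking_call(struct model_kernel *k, int32_t timeout_ms, enum policy p)
{
    /* Reject policy: validate untrusted input before entering the lock. */
    if (p == POLICY_REJECT && timeout_ms != MODEL_FOREVER && timeout_ms < 0) {
        return -EINVAL;
    }
    k->lock_held = true;
    int rc = model_pend(k, timeout_ms, p);
    if (rc != MODEL_HALTED) {
        k->lock_held = false;              /* normal exit from the section */
    }
    return rc;
}

int main(void)
{
    struct model_kernel k = { false, false, 0 };
    return model_blocking_call(&k, -5, POLICY_CLAMP); /* 0: clamped, no halt */
}
```

With `POLICY_ASSERT` the model stops with `lock_held` still set, which is the "crash in a critical section" condition the description names; the clamp and reject policies both leave the lock released.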
Successfully merging this pull request may close these issues.

pend() assertion can allow user threads to crash the kernel