While playing with chromium u2f support[1] I managed to induce kernel
crashes in filt_uhidrdetach. It takes a few attempts of plugging/unplugging
the fido key while trying to authenticate at demo.yubico.com/playground.
Eventually the kernel panics with this stack trace (retyped from [2]):

filt_uhidrdetach+0x33: movq 0x8(%rcx), rcx
kqueue_close
drop
closef
fdfree
exit1
single_thread_check
userret
intr_user_exit

The blunt patch below makes the kernel not crash and print the diagnostic
message, but it's really crude because I don't know what I'm doing.

diff --git a/sys/dev/usb/uhid.c b/sys/dev/usb/uhid.c
index 9cadd22ad35..428b7a63770 100644
--- a/sys/dev/usb/uhid.c
+++ b/sys/dev/usb/uhid.c
@@ -441,7 +441,10 @@ filt_uhidrdetach(struct knote *kn)
 {
  struct uhid_softc *sc = (void *)kn->kn_hook;
  int s;
-
+ if (SLIST_FIRST(&sc->sc_rsel.si_note) == NULL) {
+  printf("SLIST_FIRST is null\n");
+  return;
+ }
  s = splusb();
  SLIST_REMOVE(&sc->sc_rsel.si_note, kn, knote, kn_selnext);
  splx(s);
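Review bot: the NULL test on `SLIST_FIRST(&sc->sc_rsel.si_note)` reads through `sc` before deciding whether `sc` is safe to use, so if the fault at `filt_uhidrdetach+0x33` (`movq 0x8(%rcx)`) is a dereference of a softc freed when the key was unplugged, the added line performs the same invalid access as the `SLIST_REMOVE` it is trying to protect; it only papers over the case where the list head happens to read as empty. It also checks the wrong thing: an empty list is not the same as "`kn` is not on the list", so a non-empty list that no longer contains this knote would still reach `SLIST_REMOVE`. The `printf` and early `return` make this a debugging probe rather than a fix; the correct place to repair is the detach path, which should unhook outstanding knotes from `sc_rsel.si_note` while the softc is still valid. Finally, keep the blank line after `int s;` so the declaration block stays separated from the code as the surrounding style does.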


Thanks
Greg

[1] https://marc.info/?l=openbsd-ports&m=157784078117717
[2] https://photos.app.goo.gl/9ZZhiHvMoYYYHDEx5

-- 
nest.cx is Gmail hosted, use PGP:
https://pgp.key-server.io/0x0B1542BD8DF5A1B0
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3  4D50 0B15 42BD 8DF5 A1B0
