[PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[sathyanarayanan.kuppuswamy]

From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>

In usb_serial_generic_submit_read_urb() function we are accessing the
port->read_urbs array without any boundry checks. This might lead to
kernel panic when index value goes above array length.

One posible call path for this issue is,

usb_serial_generic_read_bulk_callback()
{
 ...
 if (!port->throttled) {
	usb_serial_generic_submit_read_urb(port, i, GFP_ATOMIC);
 ...
}

This patch fixes this issue.

Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 drivers/usb/serial/generic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
index 2274d96..72ebdde 100644
--- a/drivers/usb/serial/generic.c
+++ b/drivers/usb/serial/generic.c
@@ -306,6 +306,9 @@ static int usb_serial_generic_submit_read_urb(struct usb_serial_port *port,
 {
 	int res;
 
+	if (index >= ARRAY_SIZE(port->read_urbs))
+		return -EINVAL;
+
 	if (!test_and_clear_bit(index, &port->read_urbs_free))
 		return 0;
 
-- 
2.7.4

[v1,1/1] USB: serial: Add boundry check for read_urbs array access

[sathyanarayanan.kuppuswamy]

From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>

In usb_serial_generic_submit_read_urb() function we are accessing the
port->read_urbs array without any boundry checks. This might lead to
kernel panic when index value goes above array length.

One posible call path for this issue is,

usb_serial_generic_read_bulk_callback()
{
 ...
 if (!port->throttled) {
	usb_serial_generic_submit_read_urb(port, i, GFP_ATOMIC);
 ...
}

This patch fixes this issue.

Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 drivers/usb/serial/generic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
index 2274d96..72ebdde 100644
--- a/drivers/usb/serial/generic.c
+++ b/drivers/usb/serial/generic.c
@@ -306,6 +306,9 @@ static int usb_serial_generic_submit_read_urb(struct usb_serial_port *port,
 {
 	int res;
 
+	if (index >= ARRAY_SIZE(port->read_urbs))
+		return -EINVAL;
+
 	if (!test_and_clear_bit(index, &port->read_urbs_free))
 		return 0;
 

Re: [PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[Greg KH]

On Wed, Mar 07, 2018 at 12:23:56PM -0800, sathyanarayanan.kuppuswamy@linux.intel.com wrote:
> From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> 
> In usb_serial_generic_submit_read_urb() function we are accessing the
> port->read_urbs array without any boundry checks. This might lead to
> kernel panic when index value goes above array length.
> 
> One posible call path for this issue is,
> 
> usb_serial_generic_read_bulk_callback()
> {
>  ...
>  if (!port->throttled) {
> 	usb_serial_generic_submit_read_urb(port, i, GFP_ATOMIC);
>  ...
> }

How does i ever get to be greater than the array size here in this
function?  It directly came from looking in that array in the first
place :)

So I don't see why your check is needed, what other code path would ever
call this function in a way that the bounds check would be needed?

thanks,

greg k-h

[v1,1/1] USB: serial: Add boundry check for read_urbs array access

[Greg Kroah-Hartman]

On Wed, Mar 07, 2018 at 12:23:56PM -0800, sathyanarayanan.kuppuswamy@linux.intel.com wrote:
> From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> 
> In usb_serial_generic_submit_read_urb() function we are accessing the
> port->read_urbs array without any boundry checks. This might lead to
> kernel panic when index value goes above array length.
> 
> One posible call path for this issue is,
> 
> usb_serial_generic_read_bulk_callback()
> {
>  ...
>  if (!port->throttled) {
> 	usb_serial_generic_submit_read_urb(port, i, GFP_ATOMIC);
>  ...
> }

How does i ever get to be greater than the array size here in this
function?  It directly came from looking in that array in the first
place :)

So I don't see why your check is needed, what other code path would ever
call this function in a way that the bounds check would be needed?

thanks,

greg k-h
---
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[sathyanarayanan kuppuswamy]

On 03/07/2018 12:58 PM, Greg KH wrote:
> On Wed, Mar 07, 2018 at 12:23:56PM -0800, sathyanarayanan.kuppuswamy@linux.intel.com wrote:
>> From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
>>
>> In usb_serial_generic_submit_read_urb() function we are accessing the
>> port->read_urbs array without any boundry checks. This might lead to
>> kernel panic when index value goes above array length.
>>
>> One posible call path for this issue is,
>>
>> usb_serial_generic_read_bulk_callback()
>> {
>>   ...
>>   if (!port->throttled) {
>> 	usb_serial_generic_submit_read_urb(port, i, GFP_ATOMIC);
>>   ...
>> }
> How does i ever get to be greater than the array size here in this
> function?  It directly came from looking in that array in the first
> place :)
>
> So I don't see why your check is needed, what other code path would ever
> call this function in a way that the bounds check would be needed?
void usb_serial_generic_read_bulk_callback(struct urb *urb)

385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
386                 if (urb == port->read_urbs[i])
387                         break;
388         }

In here, after this for loop is done (without any matching urb), i value 
will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility 
of usb_serial_generic_submit_read_urb() getting called with this invalid 
index.

>
> thanks,
>
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

-- 
Sathyanarayanan Kuppuswamy
Linux kernel developer

[v1,1/1] USB: serial: Add boundry check for read_urbs array access

[sathyanarayanan.kuppuswamy]

On 03/07/2018 12:58 PM, Greg KH wrote:
> On Wed, Mar 07, 2018 at 12:23:56PM -0800, sathyanarayanan.kuppuswamy@linux.intel.com wrote:
>> From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
>>
>> In usb_serial_generic_submit_read_urb() function we are accessing the
>> port->read_urbs array without any boundry checks. This might lead to
>> kernel panic when index value goes above array length.
>>
>> One posible call path for this issue is,
>>
>> usb_serial_generic_read_bulk_callback()
>> {
>>   ...
>>   if (!port->throttled) {
>> 	usb_serial_generic_submit_read_urb(port, i, GFP_ATOMIC);
>>   ...
>> }
> How does i ever get to be greater than the array size here in this
> function?  It directly came from looking in that array in the first
> place :)
>
> So I don't see why your check is needed, what other code path would ever
> call this function in a way that the bounds check would be needed?
void usb_serial_generic_read_bulk_callback(struct urb *urb)

385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
386                 if (urb == port->read_urbs[i])
387                         break;
388         }

In here, after this for loop is done (without any matching urb), i value 
will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility 
of usb_serial_generic_submit_read_urb() getting called with this invalid 
index.

>
> thanks,
>
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: [PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[Oliver Neukum]

Am Mittwoch, den 07.03.2018, 13:41 -0800 schrieb sathyanarayanan
kuppuswamy       :
> 
> On 03/07/2018 12:58 PM, Greg KH wrote:

> > So I don't see why your check is needed, what other code path would ever
> > call this function in a way that the bounds check would be needed?
> void usb_serial_generic_read_bulk_callback(struct urb *urb)
> 
> 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
> 386                 if (urb == port->read_urbs[i])
> 387                         break;
> 388         }
> 
> In here, after this for loop is done (without any matching urb), i value 
> will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility 
> of usb_serial_generic_submit_read_urb() getting called with this invalid 
> index.

If this happens the function was called for a stray URB.
Your check comes to late. We have called set_bit with an invalid index
and other shit.
We definitely do not just want to return an error in that case.

	Regards
		Oliver

[v1,1/1] USB: serial: Add boundry check for read_urbs array access

[Oliver Neukum]

Am Mittwoch, den 07.03.2018, 13:41 -0800 schrieb sathyanarayanan
kuppuswamy       :
> 
> On 03/07/2018 12:58 PM, Greg KH wrote:

> > So I don't see why your check is needed, what other code path would ever
> > call this function in a way that the bounds check would be needed?
> void usb_serial_generic_read_bulk_callback(struct urb *urb)
> 
> 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
> 386                 if (urb == port->read_urbs[i])
> 387                         break;
> 388         }
> 
> In here, after this for loop is done (without any matching urb), i value 
> will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility 
> of usb_serial_generic_submit_read_urb() getting called with this invalid 
> index.

If this happens the function was called for a stray URB.
Your check comes to late. We have called set_bit with an invalid index
and other shit.
We definitely do not just want to return an error in that case.

	Regards
		Oliver
---
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[Greg KH]

On Wed, Mar 07, 2018 at 01:41:51PM -0800, sathyanarayanan kuppuswamy wrote:
> 
> 
> On 03/07/2018 12:58 PM, Greg KH wrote:
> > On Wed, Mar 07, 2018 at 12:23:56PM -0800, sathyanarayanan.kuppuswamy@linux.intel.com wrote:
> > > From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> > > 
> > > In usb_serial_generic_submit_read_urb() function we are accessing the
> > > port->read_urbs array without any boundry checks. This might lead to
> > > kernel panic when index value goes above array length.
> > > 
> > > One posible call path for this issue is,
> > > 
> > > usb_serial_generic_read_bulk_callback()
> > > {
> > >   ...
> > >   if (!port->throttled) {
> > > 	usb_serial_generic_submit_read_urb(port, i, GFP_ATOMIC);
> > >   ...
> > > }
> > How does i ever get to be greater than the array size here in this
> > function?  It directly came from looking in that array in the first
> > place :)
> > 
> > So I don't see why your check is needed, what other code path would ever
> > call this function in a way that the bounds check would be needed?
> void usb_serial_generic_read_bulk_callback(struct urb *urb)
> 
> 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
> 386                 if (urb == port->read_urbs[i])
> 387                         break;
> 388         }
> 
> In here, after this for loop is done (without any matching urb),

How is it possible to not have any matching urbs here?  If that ever
happens, we have much worse problems happening in the USB stack :)

thanks,

greg k-h

[v1,1/1] USB: serial: Add boundry check for read_urbs array access

[Greg Kroah-Hartman]

On Wed, Mar 07, 2018 at 01:41:51PM -0800, sathyanarayanan kuppuswamy wrote:
> 
> 
> On 03/07/2018 12:58 PM, Greg KH wrote:
> > On Wed, Mar 07, 2018 at 12:23:56PM -0800, sathyanarayanan.kuppuswamy@linux.intel.com wrote:
> > > From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> > > 
> > > In usb_serial_generic_submit_read_urb() function we are accessing the
> > > port->read_urbs array without any boundry checks. This might lead to
> > > kernel panic when index value goes above array length.
> > > 
> > > One posible call path for this issue is,
> > > 
> > > usb_serial_generic_read_bulk_callback()
> > > {
> > >   ...
> > >   if (!port->throttled) {
> > > 	usb_serial_generic_submit_read_urb(port, i, GFP_ATOMIC);
> > >   ...
> > > }
> > How does i ever get to be greater than the array size here in this
> > function?  It directly came from looking in that array in the first
> > place :)
> > 
> > So I don't see why your check is needed, what other code path would ever
> > call this function in a way that the bounds check would be needed?
> void usb_serial_generic_read_bulk_callback(struct urb *urb)
> 
> 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
> 386                 if (urb == port->read_urbs[i])
> 387                         break;
> 388         }
> 
> In here, after this for loop is done (without any matching urb),

How is it possible to not have any matching urbs here?  If that ever
happens, we have much worse problems happening in the USB stack :)

thanks,

greg k-h
---
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[sathyanarayanan kuppuswamy]

On 03/08/2018 12:54 AM, Oliver Neukum wrote:
> Am Mittwoch, den 07.03.2018, 13:41 -0800 schrieb sathyanarayanan
> kuppuswamy       :
>> On 03/07/2018 12:58 PM, Greg KH wrote:
>>> So I don't see why your check is needed, what other code path would ever
>>> call this function in a way that the bounds check would be needed?
>> void usb_serial_generic_read_bulk_callback(struct urb *urb)
>>
>> 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
>> 386                 if (urb == port->read_urbs[i])
>> 387                         break;
>> 388         }
>>
>> In here, after this for loop is done (without any matching urb), i value
>> will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility
>> of usb_serial_generic_submit_read_urb() getting called with this invalid
>> index.
> If this happens the function was called for a stray URB.
> Your check comes to late. We have called set_bit with an invalid index
> and other shit.
> We definitely do not just want to return an error in that case.
In that case do you think we should use some WARN_ON() for invalid index 
in usb_serial_generic_read_bulk_callback()?
>
> 	Regards
> 		Oliver
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

-- 
Sathyanarayanan Kuppuswamy
Linux kernel developer

[v1,1/1] USB: serial: Add boundry check for read_urbs array access

[sathyanarayanan.kuppuswamy]

On 03/08/2018 12:54 AM, Oliver Neukum wrote:
> Am Mittwoch, den 07.03.2018, 13:41 -0800 schrieb sathyanarayanan
> kuppuswamy       :
>> On 03/07/2018 12:58 PM, Greg KH wrote:
>>> So I don't see why your check is needed, what other code path would ever
>>> call this function in a way that the bounds check would be needed?
>> void usb_serial_generic_read_bulk_callback(struct urb *urb)
>>
>> 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
>> 386                 if (urb == port->read_urbs[i])
>> 387                         break;
>> 388         }
>>
>> In here, after this for loop is done (without any matching urb), i value
>> will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility
>> of usb_serial_generic_submit_read_urb() getting called with this invalid
>> index.
> If this happens the function was called for a stray URB.
> Your check comes to late. We have called set_bit with an invalid index
> and other shit.
> We definitely do not just want to return an error in that case.
In that case do you think we should use some WARN_ON() for invalid index 
in usb_serial_generic_read_bulk_callback()?
>
> 	Regards
> 		Oliver
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: [PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[Greg KH]

On Thu, Mar 08, 2018 at 03:29:48PM -0800, sathyanarayanan kuppuswamy wrote:
> 
> 
> On 03/08/2018 12:54 AM, Oliver Neukum wrote:
> > Am Mittwoch, den 07.03.2018, 13:41 -0800 schrieb sathyanarayanan
> > kuppuswamy       :
> > > On 03/07/2018 12:58 PM, Greg KH wrote:
> > > > So I don't see why your check is needed, what other code path would ever
> > > > call this function in a way that the bounds check would be needed?
> > > void usb_serial_generic_read_bulk_callback(struct urb *urb)
> > > 
> > > 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
> > > 386                 if (urb == port->read_urbs[i])
> > > 387                         break;
> > > 388         }
> > > 
> > > In here, after this for loop is done (without any matching urb), i value
> > > will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility
> > > of usb_serial_generic_submit_read_urb() getting called with this invalid
> > > index.
> > If this happens the function was called for a stray URB.
> > Your check comes to late. We have called set_bit with an invalid index
> > and other shit.
> > We definitely do not just want to return an error in that case.
> In that case do you think we should use some WARN_ON() for invalid index in
> usb_serial_generic_read_bulk_callback()?

No, again, how could that ever happen?

Don't add pointless error checking for things that are impossible to
ever hit :)

thanks,

greg k-h

[v1,1/1] USB: serial: Add boundry check for read_urbs array access

[Greg Kroah-Hartman]

On Thu, Mar 08, 2018 at 03:29:48PM -0800, sathyanarayanan kuppuswamy wrote:
> 
> 
> On 03/08/2018 12:54 AM, Oliver Neukum wrote:
> > Am Mittwoch, den 07.03.2018, 13:41 -0800 schrieb sathyanarayanan
> > kuppuswamy       :
> > > On 03/07/2018 12:58 PM, Greg KH wrote:
> > > > So I don't see why your check is needed, what other code path would ever
> > > > call this function in a way that the bounds check would be needed?
> > > void usb_serial_generic_read_bulk_callback(struct urb *urb)
> > > 
> > > 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
> > > 386                 if (urb == port->read_urbs[i])
> > > 387                         break;
> > > 388         }
> > > 
> > > In here, after this for loop is done (without any matching urb), i value
> > > will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility
> > > of usb_serial_generic_submit_read_urb() getting called with this invalid
> > > index.
> > If this happens the function was called for a stray URB.
> > Your check comes to late. We have called set_bit with an invalid index
> > and other shit.
> > We definitely do not just want to return an error in that case.
> In that case do you think we should use some WARN_ON() for invalid index in
> usb_serial_generic_read_bulk_callback()?

No, again, how could that ever happen?

Don't add pointless error checking for things that are impossible to
ever hit :)

thanks,

greg k-h
---
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1 1/1] USB: serial: Add boundry check for read_urbs array access

[sathyanarayanan kuppuswamy]

On 03/08/2018 03:43 PM, Greg KH wrote:
> On Thu, Mar 08, 2018 at 03:29:48PM -0800, sathyanarayanan kuppuswamy wrote:
>>
>> On 03/08/2018 12:54 AM, Oliver Neukum wrote:
>>> Am Mittwoch, den 07.03.2018, 13:41 -0800 schrieb sathyanarayanan
>>> kuppuswamy       :
>>>> On 03/07/2018 12:58 PM, Greg KH wrote:
>>>>> So I don't see why your check is needed, what other code path would ever
>>>>> call this function in a way that the bounds check would be needed?
>>>> void usb_serial_generic_read_bulk_callback(struct urb *urb)
>>>>
>>>> 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
>>>> 386                 if (urb == port->read_urbs[i])
>>>> 387                         break;
>>>> 388         }
>>>>
>>>> In here, after this for loop is done (without any matching urb), i value
>>>> will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility
>>>> of usb_serial_generic_submit_read_urb() getting called with this invalid
>>>> index.
>>> If this happens the function was called for a stray URB.
>>> Your check comes to late. We have called set_bit with an invalid index
>>> and other shit.
>>> We definitely do not just want to return an error in that case.
>> In that case do you think we should use some WARN_ON() for invalid index in
>> usb_serial_generic_read_bulk_callback()?
> No, again, how could that ever happen?
>
> Don't add pointless error checking for things that are impossible to
> ever hit :)
Thanks Greg.
>
> thanks,
>
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

-- 
Sathyanarayanan Kuppuswamy
Linux kernel developer

[v1,1/1] USB: serial: Add boundry check for read_urbs array access

[sathyanarayanan.kuppuswamy]

On 03/08/2018 03:43 PM, Greg KH wrote:
> On Thu, Mar 08, 2018 at 03:29:48PM -0800, sathyanarayanan kuppuswamy wrote:
>>
>> On 03/08/2018 12:54 AM, Oliver Neukum wrote:
>>> Am Mittwoch, den 07.03.2018, 13:41 -0800 schrieb sathyanarayanan
>>> kuppuswamy       :
>>>> On 03/07/2018 12:58 PM, Greg KH wrote:
>>>>> So I don't see why your check is needed, what other code path would ever
>>>>> call this function in a way that the bounds check would be needed?
>>>> void usb_serial_generic_read_bulk_callback(struct urb *urb)
>>>>
>>>> 385         for (i = 0; i < ARRAY_SIZE(port->read_urbs); ++i) {
>>>> 386                 if (urb == port->read_urbs[i])
>>>> 387                         break;
>>>> 388         }
>>>>
>>>> In here, after this for loop is done (without any matching urb), i value
>>>> will be equal to ARRAY_SIZE(port->read_urbs). So there is a possibility
>>>> of usb_serial_generic_submit_read_urb() getting called with this invalid
>>>> index.
>>> If this happens the function was called for a stray URB.
>>> Your check comes to late. We have called set_bit with an invalid index
>>> and other shit.
>>> We definitely do not just want to return an error in that case.
>> In that case do you think we should use some WARN_ON() for invalid index in
>> usb_serial_generic_read_bulk_callback()?
> No, again, how could that ever happen?
>
> Don't add pointless error checking for things that are impossible to
> ever hit :)
Thanks Greg.
>
> thanks,
>
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>