lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 25 Aug 2007 03:26:18 +0200
From:	Kay Sievers <kay.sievers@...y.org>
To:	Greg KH <greg@...ah.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>,
	linux-kernel@...r.kernel.org
Subject: Re: kernel BUG with 2.6.23-rc3-mm1: skb_over_panic

On Fri, 2007-08-24 at 17:46 -0700, Greg KH wrote:
> On Fri, Aug 24, 2007 at 05:44:50PM -0700, Andrew Morton wrote:
> > On Fri, 24 Aug 2007 20:16:38 -0400
> > Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca> wrote:
> > > * Andrew Morton (akpm@...ux-foundation.org) wrote:
> > > > On Fri, 24 Aug 2007 18:47:07 -0400
> > > > Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca> wrote:

> > > > > I get the following BUG when booting 2.6.23-rc3-mm1 on i386. I wonder if
> > > > > you would have some ideas about what is causing this problem. I'll start
> > > > > bissecting it soon. I seems to be caused by an buggy skb_put call in
> > > > > kobject_uevent_env.
> > > > 
> > > > hm, don't know, sorry.  Kay fixed a few things in there, but iirc pretty
> > > > much all of the fixes were in rc3-mm1 anyway.
> > > > 
> > > > I doubt if bisection will tell us a lot: it'll probably point at
> > > > gregkh-driver-driver-core-change-add_uevent_var-to-use-a-struct.patch.
> > > > 
> > > > What we _would_ like to know is which sysfs file is being written to.  We
> > > > used to have a debug patch to exactly address this problem but it got
> > > > transferred into Greg's tree from whence it mysteriously disappeared.
> > > > 
> > > 
> > > Ok, here it is:
> > > 
> > > filename :
> > > 
> > > /devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/rev
> > 
> > Bah.  I've never found a sane way of going from a sysfs pathname back to the
> > code which implements that pathname :(
> > 
> > <greps the tree for '"rev"'>
> > 
> > <comes up with zilch>
> 
> It's a scsi file, as the above is a scsi device.  It's created in the
> drivers/scsi/scsi_sysfs.c file.
> 
> Kay, did you miss this set of attributes somehow?

We didn't really touch anything in scsi. I expect it's something messing
around with the buffer values.

Mathieu,
does this fix it? If it does, we need to find what's going wrong, as it
probably just hides a bug somewhere.

Thanks,
Kay


--- a/lib/kobject_uevent.c
+++ b/lib/kobject_uevent.c
@@ -176,7 +176,7 @@ int kobject_uevent_env(struct kobject *kobj, enum kobject_action action,
 
 		/* allocate message with the maximum possible size */
 		len = strlen(action_string) + strlen(devpath) + 2;
-		skb = alloc_skb(len + env->buflen, GFP_KERNEL);
+		skb = alloc_skb(len + UEVENT_BUFFER_SIZE, GFP_KERNEL);
 		if (skb) {
 			char *scratch;
 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ