Date:	Mon, 17 Aug 2009 22:55:43 -0500
From:	James Bottomley <James.Bottomley@...senPartnership.com>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	Helge Deller <deller@....de>,
	linux-parisc <linux-parisc@...r.kernel.org>,
	Roland McGrath <roland@...hat.com>,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: kernel segv with 2.6.31-rc6 ?

On Tue, 2009-08-18 at 12:48 +0930, Rusty Russell wrote:
> On Tue, 18 Aug 2009 08:19:36 am James Bottomley wrote:
> > The root cause is a duplicate section name (.text); is this legal?
> 
> I'd be happy to fail to load it.  There might be sysfs issues with it
> too.

Well, that's why I want clarification.  The bad code has been in since
2007 so it looks like a recent change, probably the one to more default
linker scripts is the cause.

> > However, there's a problem with commit
> > 6d76013381ed28979cd122eb4b249a88b5e384fa in that if you fail to allocate
> > a mod->sect_attrs (in this case it's null because of the duplication),
> > it still gets used without checking in add_notes_attrs()
> > 
> > This should fix it
> 
> No, the real problem is that it ignores failure.  I'd much rather fail
> the module load than various features mysteriously MIA.

There are two separate problems.  One is why the module has
duplicate sections.  Under my reading of the ELF spec, they seem to be
allowable ... however we control the linker scripts and I believe we
shouldn't have generated them.

The other is the missing error handling in the module loader.

The question of whether this is a generic failure that needs load
refusal or an expected artifact of our new linker scripts needs
investigating.

> Which brings us to "patches which don't go thru the maintainer" (or
> perhaps, non-responsive maintainers who get bypassed).

Well, the original code was in 2007, so it's probably a bit late for a
postmortem.

James

