| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Nov 2011 17:51:59 +0100
From: Stanislaw Gruszka <sgruszka@...hat.com>
To: Tomáš Janoušek <tomi@...i.cz>
Cc: linux-kernel@...r.kernel.org, Wey-Yi Guy <wey-yi.w.guy@...el.com>,
linux-wireless@...r.kernel.org
Subject: Re: iwlagn: memory corruption with WPA enterprise
Hi
On Wed, Nov 09, 2011 at 04:54:11PM +0100, Tomáš Janoušek wrote:
> On Mon, Oct 31, 2011 at 05:03:43PM +0100, Stanislaw Gruszka wrote:
> > You may try debugging patches I posted a while ago:
> > http://marc.info/?l=linux-mm&m=131914560820378&w=2
> > http://marc.info/?l=linux-mm&m=131914560820293&w=2
> > http://marc.info/?l=linux-mm&m=131914560820317&w=2
> >
> > With a bit of luck, kernel should panic and dump call-trace when
> > bad code start to write at memory addresses where is not suppose
> > to.
>
> Thanks for your suggestions. I did as you told me, applied those 3 patches on
> top of 3.1 + net-next (the one from 29 Oct 2011), enabled all those things in
> config and passed corrupt_dbg=1 on cmdline, but the problem happens without
> anything being written to dmesg.
I just discovered that CONFIG_DEBUG_PAGEALLOC does not work as expected.
It leave most of free pages unprotected, hence unintentional write to
them is not discovered. I'm attaching additional patch, which should
make detection actually work.
If kernel will does not boot with corrupt_dbg=1, you may try to catch
corruption without that option. Attached patch should make it possible,
however having corrupt_dbg=1 increase probability of the catch.
Thanks
Stanislaw
View attachment "0001-mm-remove-debug_pagealloc_enabled.patch" of type "text/plain" (3224 bytes)
Powered by blists - more mailing lists