| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Nov 2011 06:44:20 +0100 From: Stanislaw Gruszka <sgruszka@...hat.com> To: Adrian Chadd <adrian@...ebsd.org> Cc: Tomáš Janoušek <tomi@...i.cz>, linux-kernel@...r.kernel.org, Wey-Yi Guy <wey-yi.w.guy@...el.com>, linux-wireless@...r.kernel.org Subject: Re: iwlagn: memory corruption with WPA enterprise On Thu, Nov 10, 2011 at 11:31:45AM -0800, Adrian Chadd wrote: > .. are you sure it's a software use-after-free? I'm quite sure now this is not the problem here ... > What about "NIC DMA'ing stuff into completely incorrect space" after free? :-) > (Or a firmware/NIC bug where it scribbles to random memory at times..) Seems that is the reason of corruption, since CONFIG_DEBUG_PAGEALLOC doest not catch it. I'm not sure how to debug such issues, maybe enabling IOMMU will allow to debug? Other than trying iommu, would be good to check if problem also happens on 64bit kernels (CONFIG_IA32_EMULATION allow to use 64bit kernel with 32bit user-space), and configure CONFIG_DMA_API_DEBUG to see if there are any mistakes with programming DMA. Stanislaw -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists