lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 12 Jun 2008 21:36:45 +0200
From:	Jarek Poplawski <jarkao2@...il.com>
To:	Patrick McHardy <kaber@...sh.net>
CC:	for.poige+linux@...il.com, netdev@...r.kernel.org
Subject: Re: re-formated /Re: Hi!Couldn't you take a look at kernel stack's
   trace? (ip_route_input+0x91a/0xcc9)/

Patrick McHardy wrote, On 06/12/2008 02:26 PM:

> Igor Podlesny wrote:
>> 2008/6/12 Patrick McHardy <kaber@...sh.net>:
>>>> Igor Podlesny wrote:
>>>>>>  Pid: 8, comm: sirq-net-rx/0 Not tainted (2.6.25.4-rt4aa-gcc43 #1)
>>                                             ^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> 	(2.6.25.4-rt4aa-gcc43)
>> 	
>> 	-RT is real-time: http://rt.wiki.kernel.org/index.php/Main_Page

Hi,

Maybe I got something wrong but it seems to be this place:

static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
                               u8 tos, struct net_device *dev)
...
        if (!IN_DEV_FORWARD(in_dev))
                goto e_hostunreach;
        if (res.type != RTN_UNICAST)
                goto martian_destination;

        err = ip_mkroute_input(skb, &res, &fl, in_dev, daddr, saddr, tos);
done:
        in_dev_put(in_dev);
        if (free_res)
                fib_res_put(&res);	<------------
out:    return err;
=====
static inline void fib_res_put(struct fib_result *res)
{
        if (res->fi)
                fib_info_put(res->fi);	<------------
#ifdef CONFIG_IP_MULTIPLE_TABLES
        if (res->r)
                fib_rule_put(res->r);
#endif
}
=====
static inline void fib_info_put(struct fib_info *fi)
{
        if (atomic_dec_and_test(&fi->fib_clntref))	<---------
                free_fib_info(fi);
}

Looks like EDX: 00000001 is fi, and fi + 0x18 is for fib_clntref,
but I didn't track it further.

Igor, probably for this list it's more interesting if it's reproducible
with unpatched kernels, and if you tried other than 2.6.25 versions
for this?

Thanks,
Jarek P.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ