| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Jul 2008 12:02:26 +0300
From: "Pekka Enberg" <penberg@...helsinki.fi>
To: "Evgeniy Polyakov" <johnpol@....mipt.ru>
Cc: "Ingo Molnar" <mingo@...e.hu>, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, "Vegard Nossum" <vegard.nossum@...il.com>,
"Rafael J. Wysocki" <rjw@...k.pl>
Subject: Re: [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison overwritten
Hi Evgeniy,
On Fri, Jul 18, 2008 at 8:46 AM, Evgeniy Polyakov <johnpol@....mipt.ru> wrote:
> Hi Ingo.
>
> On Thu, Jul 17, 2008 at 11:42:22PM +0200, Ingo Molnar (mingo@...e.hu) wrote:
>> Pid: 5098, comm: gdm-binary Not tainted 2.6.26-tip #3094
>> [<c0186f99>] print_trailer+0xa9/0xf0
>> [<c018707b>] check_bytes_and_report+0x9b/0xc0
>> [<c01874ae>] check_object+0x19e/0x1e0
>> [<c0187ef1>] __slab_alloc+0x371/0x4e0
>> [<c0188552>] kmem_cache_alloc+0xb2/0xc0
>> [<c06732dc>] ? __alloc_skb+0x2c/0x110
>
> Out of curiosity, why does it scream at allocation time?
Because it's checking for use-after-free errors. The object is
poisoned with POISON_FREE when it's free'd and we verify the poison
values at allocation time.
On Fri, Jul 18, 2008 at 8:46 AM, Evgeniy Polyakov <johnpol@....mipt.ru> wrote:
> Does SLUB have a debug check at freeing time? If so, how does it work
> and why didn't it caught use after free there?
You can't detect use after free before the object is actually free'd ;-)
Pekka
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists