| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061022205413.GB3093@redhat.com> Date: Sun, 22 Oct 2006 16:54:13 -0400 From: Dave Jones <davej@...hat.com> To: Pekka Enberg <penberg@...helsinki.fi> Cc: Linux Kernel <linux-kernel@...r.kernel.org>, Luca Risolia <luca.risolia@...dio.unibo.it> Subject: Re: sn9c10x list corruption in 2.6.18.1 On Sun, Oct 22, 2006 at 11:37:06PM +0300, Pekka Enberg wrote: > On 10/22/06, Dave Jones <davej@...hat.com> wrote: > > What's odd here is that we have a list entry still on a list, with its ->next set to > > LIST_POISON2, which should only ever happen after an entry has been removed from > > a list. The list manipulation in cache_alloc_refill is all done under l3->list_lock, > > so I'm puzzled how this is possible. > > > > I found one area in the driver where we do list manipulation without any locking, > > but I'm not entirely convinced that this is the source of the bug yet. > > But I don't see how that could cause a slab list to go bad. An > old-fashioned slab corruption sounds more like it. Does the the kernel > have CONFIG_SLAB_DEBUG enabled? No, but I'll do a test build for the next update with it enabled to see if that's any more enlightening. Dave -- http://www.codemonkey.org.uk - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists