lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4656FA04.5000403@redhat.com>
Date:	Fri, 25 May 2007 11:00:20 -0400
From:	Chuck Ebbert <cebbert@...hat.com>
To:	Andi Kleen <ak@...e.de>
CC:	linux-kernel <linux-kernel@...r.kernel.org>,
	Dave Jones <davej@...hat.com>
Subject: Multiple free during oprofile unload

After applying:

http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6c977aad03a18019015035958c65b6729cd0574c

    i386: Fix K8/core2 oprofile on multiple CPUs

We are seeing multiple free of the same object during oprofile shutdown.

May 25 07:02:56 vt kernel: oprofile: using NMI interrupt.
May 25 07:06:41 vt kernel: slab error in verify_redzone_free(): cache `size-32':
double free detected
May 25 07:06:41 vt kernel: 
May 25 07:06:41 vt kernel: Call Trace:
May 25 07:06:41 vt kernel:  [<ffffffff802d93e9>] __slab_error+0x24/0x26
May 25 07:06:41 vt kernel:  [<ffffffff80231fcc>] cache_free_debugcheck+0x110/0x222
May 25 07:06:41 vt kernel:  [<ffffffff8845dbd5>] :oprofile:free_msrs+0x28/0x66
May 25 07:06:41 vt kernel:  [<ffffffff8020b28d>] kfree+0xd7/0x27e
May 25 07:06:41 vt kernel:  [<ffffffff8845dbd5>] :oprofile:free_msrs+0x28/0x66
May 25 07:06:41 vt kernel:  [<ffffffff8845dc47>] :oprofile:nmi_shutdown+0x34/0x36
May 25 07:06:41 vt kernel:  [<ffffffff8845c070>]
:oprofile:oprofile_shutdown+0x23/0x46
May 25 07:06:41 vt kernel:  [<ffffffff8845cdf6>]
:oprofile:event_buffer_release+0x16/0x46
May 25 07:06:41 vt kernel:  [<ffffffff8021237d>] __fput+0xca/0x190
May 25 07:06:41 vt kernel:  [<ffffffff8022d9a7>] fput+0x14/0x16
May 25 07:06:41 vt kernel:  [<ffffffff80224656>] filp_close+0x66/0x71
May 25 07:06:41 vt kernel:  [<ffffffff80239632>] put_files_struct+0x6d/0xc0
May 25 07:06:41 vt kernel:  [<ffffffff80215126>] do_exit+0x296/0x80d
May 25 07:06:41 vt kernel:  [<ffffffff80248600>] debug_mutex_init+0x0/0x45
May 25 07:06:41 vt kernel:  [<ffffffff8024c115>] sys_exit_group+0x12/0x14
May 25 07:06:41 vt kernel:  [<ffffffff8025c11e>] system_call+0x7e/0x83

        for_each_possible_cpu(i) {
                kfree(cpu_msrs[i].counters);
                cpu_msrs[i].counters = NULL;
                kfree(cpu_msrs[i].controls);
                cpu_msrs[i].controls = NULL;
        }

Seems the patch makes all the cpu_msrs[] point to the same area?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ