| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Jun 2007 05:55:56 +0000
From: "young dave" <hidave.darkstar@...il.com>
To: "Christoph Lameter" <clameter@....com>
Cc: "Andrew Morton" <akpm@...ux-foundation.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] 2.6.22-rc3-mm1 remove bluetooth usb adapter caused kmalloc bug
Hi,
>2007/6/6, Christoph Lameter <clameter@....com>:
> Note that the corruption seems to have its cause in a decrement done at
> offset 16 into the object pointing to the refcount in struct hci_dev. So
> it looks like the refcount was decremented after the object was freed.
>
> sysfs related?
>
I noticed in hci_core.c:
hci_dev_close call hci_dev_do_close , then call hci_dev_put
but in hci_dev_do_close also call hci_dev_put
Maybe this is the reason, by apply the below patch the bug seems
doesn't exist, but the strange thing is the 2.4.22-rc4 seems works, I
will test once more to see the result.
Signed-off-by: dave young <hidave.darkstar@...il.com>
---
net/bluetooth/hci_core.c | 1 -
1 file changed, 1 deletion(-)
diff -dur linux/net/bluetooth/hci_core.c linux.new/net/bluetooth/hci_core.c
--- linux/net/bluetooth/hci_core.c 2007-06-06 13:47:14.000000000 +0000
+++ linux.new/net/bluetooth/hci_core.c 2007-06-06 13:46:58.000000000 +0000
@@ -577,7 +577,6 @@
hci_req_unlock(hdev);
- hci_dev_put(hdev);
return 0;
}
Regards
dave
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists