lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.61.0707301127050.679@mtfhpc.demon.co.uk>
Date:	Mon, 30 Jul 2007 11:39:21 +0100 (BST)
From:	Mark Fortescue <mark@...hpc.demon.co.uk>
To:	David Miller <davem@...emloft.net>
cc:	aaw@...gle.com, akpm@...ux-foundation.org,
	linux-arch@...r.kernel.org, sparclinux@...r.kernel.org,
	wli@...omorphy.com, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [SPARC32] NULL pointer derefference

Hi David,

Thanks for the comments.

On Sun, 29 Jul 2007, David Miller wrote:

> From: Mark Fortescue <mark@...hpc.demon.co.uk>
> Date: Mon, 30 Jul 2007 03:18:42 +0100 (BST)
>
>> Unfortunatly Sparc32 sun4c low level memory management apears to be
>> incompatible with commit b6a2fea39318e43fee84fa7b0b90d68bed92d2ba
>> mm: variable length argument support.
>>
>> For some reason, this commit corrupts the memory used by the low level
>> context/pte handling ring buffers in arch/sparc/mm/sun4c (in
>> add_ring_ordered, head->next becomes set to a NULL pointer).
>>
>> I had a quick look at http://www.linux-mm.org to see if there were any
>> diagrams that show what is going on in the memory management systems, to
>> see if there was something that I could use to help me work out what is
>> going on, but I could not see any.
>
> One possible issue is sequencing, perhaps the stack argument copy
> is occuring before the new context is setup properly on sun4c.
>

I will see if I can generate some debug code to check out this posibility.

> Another issue might be the new flush_cache_page() call in this
> new code in fs/exec.c, there are now cases where flush_cache_page()
> will be called on kernel addresses, and sun4c's implementation might
> not like that at all.
>

I backed the commit out of my latest git pull (app 2am this morning) and I 
end up with a working kernel so this confirms that is is somthing 
specific to this patch.

I will try adding in a flush_cache_page() at an appropriate point on the 
pre-commit version of the code to see if that makes a mess of things.

Regards
 	Mark Fortescue.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ