| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Apr 2008 15:17:19 +0400 From: Alexey Dobriyan <adobriyan@...il.com> To: Christoph Lameter <clameter@....com> Cc: Pekka Enberg <penberg@...helsinki.fi>, Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: 2.6.25-rc8-mm2: FIX kmalloc-2048 (was Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc+0x69/0x110) On Mon, Apr 14, 2008 at 01:05:09PM -0700, Christoph Lameter wrote: > On Mon, 14 Apr 2008, Alexey Dobriyan wrote: > > > I can reproduce semi-reliably (by kernel standards) corruption in > > kmalloc-2048. No idea if this can explain all "struct file" related > > oopses I saw, or SLUB free pointer corruption Pekka and Christoph are > > looking into. > > The slub free pointer corruption is usually a result of the overwrites. > > > Bytes b4 0xffff81017ff9d2c0: 62 ea ff ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a > > Object 0xffff81017ff9d2d0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b > > Object 0xffff81017ff9d2e0: 6b 6b 00 18 f3 a2 9f 90 00 1b 38 af 22 49 08 00 > > Object 0xffff81017ff9d2f0: 45 10 00 4c ff 59 40 00 40 11 86 ac c0 a8 00 2a > > Object 0xffff81017ff9d300: 50 fa a2 be 91 43 00 7b 00 38 54 d4 23 00 00 00 > > Object 0xffff81017ff9d310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > Object 0xffff81017ff9d320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > Object 0xffff81017ff9d330: 00 00 00 00 4c ff 10 44 74 7f 6f 9d e4 c8 a2 4f > > Object 0xffff81017ff9d340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > Redzone 0xffff81017ff9dad0: bb bb bb bb bb bb bb bb > > Padding 0xffff81017ff9db10: 5a 5a 5a 5a 5a 5a 5a 5a > > > > FIX kmalloc-2048: Restoring 0xffff81017ff9d2e2-0xffff81017ff9d8d9=0x6b > > Looks like skb corruption. Would be helpful to have the complete output > though. Does the data in the restored range trigger any memories? No. I'm currently tracing this bug and 2.6.24 also has it. :-( -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists