| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Aug 2008 02:00:50 +0400 From: Alexey Dobriyan <adobriyan@...il.com> To: Roland McGrath <roland@...hat.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/2] utrace core On Thu, Aug 28, 2008 at 01:46:52AM +0400, Alexey Dobriyan wrote: > On Thu, Aug 28, 2008 at 01:32:11AM +0400, Alexey Dobriyan wrote: > > > And run to confirm that attach/detach/exec program still crashes it. > > > There is PREEMPT_RCU now so it will be even more not funny. > > > > As promised, quickly reproducible via expt_ptratt.c: > > Another one: And overwritten poison if run in parallel with while true; do killall -9 expl_ptratt killall -9 exe done ============================================================================= BUG utrace: Poison overwritten ----------------------------------------------------------------------------- INFO: 0xffff88017c31e7b0-0xffff88017c31e7f0. First byte 0x6c instead of 0x6b INFO: Allocated in utrace_attach_task+0x1f4/0x3d0 age=13 cpu=1 pid=5377 INFO: Freed in utrace_free+0x16/0x20 age=5 cpu=1 pid=5377 INFO: Slab 0xffffe2000532ae90 objects=21 used=2 fp=0xffff88017c31e780 flags=0x80000000000000c3 INFO: Object 0xffff88017c31e780 @offset=1920 fp=0xffff88017c31e540 Bytes b4 0xffff88017c31e770: fc 1f ff ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ü.ÿÿ....ZZZZZZZZ Object 0xffff88017c31e780: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff88017c31e790: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff88017c31e7a0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff88017c31e7b0: 6c 6c 6b 6b 6b 6b 6b 6b ff ff ff ff 6b 6b 6b 6b llkkkkkkÿÿÿÿkkkk Object 0xffff88017c31e7c0: ff ff ff ff ff ff ff ff 6b 6b 6b 6b 6b 6b 6b 6b ÿÿÿÿÿÿÿÿkkkkkkkk Object 0xffff88017c31e7d0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff88017c31e7e0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff88017c31e7f0: 6a 6b 6b 6b 6b 6b 6b a5 jkkkkkk¥ Redzone 0xffff88017c31e7f8: bb bb bb bb bb bb bb bb »»»»»»»» Padding 0xffff88017c31e838: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ Pid: 5382, comm: expl_ptratt Tainted: G W 2.6.27-rc4-next-20080827-utrace #5 Call Trace: [<ffffffff8028f989>] print_trailer+0xf9/0x160 [<ffffffff8028ff75>] check_bytes_and_report+0xa5/0xd0 [<ffffffff80290048>] check_object+0xa8/0x250 [<ffffffff80291173>] __slab_alloc+0x4f3/0x670 [<ffffffff8025f304>] ? utrace_attach_task+0x1f4/0x3d0 [<ffffffff8025f304>] ? utrace_attach_task+0x1f4/0x3d0 [<ffffffff80291721>] kmem_cache_alloc+0xb1/0xd0 [<ffffffff8025f304>] utrace_attach_task+0x1f4/0x3d0 [<ffffffff8023b977>] ptrace_attach_utrace+0x27/0x80 [<ffffffff8023c3e8>] ptrace_attach+0x48/0x1b0 [<ffffffff8023c610>] sys_ptrace+0xc0/0xd0 [<ffffffff8020b73b>] system_call_fastpath+0x16/0x1b FIX utrace: Restoring 0xffff88017c31e7b0-0xffff88017c31e7f0=0x6b FIX utrace: Marking all objects used -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists