lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080905110411.GA26846@elte.hu>
Date:	Fri, 5 Sep 2008 13:04:11 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	Thomas Gleixner <tglx@...utronix.de>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	torvalds@...ux-foundation.org, sfr@...b.auug.org.au,
	linux-next@...r.kernel.org, linux-kernel@...r.kernel.org,
	yhlu.kernel@...il.com, ink@...assic.park.msu.ru,
	jbarnes@...tuousgeek.org, netdev@...r.kernel.org,
	viro@...iv.linux.org.uk, ebiederm@...ssion.com,
	dwmw2@...radead.org, sam@...nborg.org, johnstul@...ibm.com
Subject: Re: linux-next: Tree for September 3


* Thomas Gleixner <tglx@...utronix.de> wrote:

> On Thu, 4 Sep 2008, Andrew Morton wrote:
> > > 
> > > Cute, NULL pointer in the timer check code. Can you please addr2line
> > > the exact code line or upload the vmlinux somewhere ?
> > > 
> > 
> > erm, I might have lost that binary, and it only happened the once.  It
> > happened shortly after the machine had fully booted, during
> > establishment of the first sshd session.
> > 
> > It nuked the machine really well, too.  I had to pull the battery to
> > get it back.
> 
> Known problem on Sonys. :(
> 
> > fwiw:
> >
> > (gdb) l *0xc0126e7f
> > 0xc0126e7f is in get_next_timer_interrupt (kernel/timer.c:863).
> > warning: Source file is more recent than executable.
> > 858             for (array = 0; array < 4; array++) {
> > 859                     struct tvec *varp = varray[array];
> > 860     
> > 861                     index = slot = timer_jiffies & TVN_MASK;
> > 862                     do {
> > 863                             list_for_each_entry(nte, varp->vec + slot, entry) {
> > 864                                     found = 1;
> > 865                                     if (time_before(nte->expires, expires))
> > 866                                             expires = nte->expires;
> > 867                             }
> > 
> > which looks reasonable.
> 
> Yeah, as Linus decoded it's that loop. So we look at some corrupted
> entry here. 
> 
> CONFIG_DEBUG_OBJECTS (add debug_objects to the command line as well)
> should catch it when this is a timer being discarded, freed or
> reinitialized.
> 
> Otherwise, when it is just random corruption it wont help much.

i guess CONFIG_DEBUG_OBJECTS_TIMERS=y is practical, and 
CONFIG_DEBUG_LIST=y would be nice as well - it can catch memory 
corruptions rather early and is relatively light-weight.

[ and if there's any reproducability of the corruption and if it happens 
  at a stable kernel address then a small custom hack in ftrace can 
  catch it the moment it happens. ]

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ