Message-ID: <497FE895.1080708@redhat.com>
Date:	Wed, 28 Jan 2009 00:09:41 -0500
From:	Masami Hiramatsu <mhiramat@...hat.com>
To:	unlisted-recipients:; (no To-header on input)
CC:	Nick Piggin <npiggin@...e.de>,
	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>,
	LKML <linux-kernel@...r.kernel.org>,
	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	Jim Keniston <jkenisto@...ibm.com>,
	systemtap-ml <systemtap@...rces.redhat.com>,
	"Frank Ch. Eigler" <fche@...hat.com>
Subject: Re: [BUG][kprobes][vunmap?]: kprobes may cause memory corruption

Masami Hiramatsu wrote:
> Hi
> 
> I found that the 2.6.28-rc1+ kernel might cause random memory corruption,
> including a double fault, when repeatedly loading/unloading a kprobe-using module on
> i386 with CONFIG_HIGHMEM4G=y.

I think there might be two different bugs.

- First bug may be related to vunmap change.
    - I'm not sure of the root cause of this bug.
    - However, this bug seems to be fixed by my patch (use vm_map_ram in text_poke()).

- Second bug is kprobe_fault_handler bug
    - I found a clue to this bug, which I reported below, by using kdump & crash.
      http://sources.redhat.com/bugzilla/show_bug.cgi?id=9740#c21
    - I thought this bug should not be fixed by my patch, but as far as I tested,
      this bug disappeared with my patch.

> A set of test code which is written in plain C is attached;
> make genkprobe.ko and run testmod.sh, then the bug will
> occur.

If my thought is correct, the previous test code is only for the second bug.
I attached a slightly different test code (just disabled the fault handler)
for the first bug.

Thank you,

-- 
Masami Hiramatsu

Software Engineer
Hitachi Computer Products (America) Inc.
Software Solutions Division

e-mail: mhiramat@...hat.com



View attachment "genkprobe1.c" of type "text/x-csrc" (24904 bytes)
