lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 22 Jul 2009 22:28:17 +0200
From:	"Rafael J. Wysocki" <rjw@...k.pl>
To:	Thomas Meyer <thomas@...3r.de>
Cc:	Jiri Slaby <jirislaby@...il.com>,
	Parag Warudkar <parag.warudkar@...il.com>,
	linux-kernel@...r.kernel.org, sds@...ho.nsa.gov, jmorris@...ei.org,
	eparis@...isplace.org
Subject: Re: 2.6.31-rc2: BUG: unable to handle kernel NULL pointer dereference

On Monday 20 July 2009, Thomas Meyer wrote:
> Am Sonntag, den 12.07.2009, 22:26 +0200 schrieb Jiri Slaby:
> > On 07/12/2009 07:30 PM, Parag Warudkar wrote:
> > > static void selinux_write_opts(struct seq_file *m,
> > > 1012                                struct security_mnt_opts *opts)
> > > 1013 {
> > > 1014         int i;
> > > 1015         char *prefix;
> > > 1016
> > > 1017         for (i = 0; i < opts->num_mnt_opts; i++) {
> > > 1018                 char *has_comma;
> > > 1019
> > > 1020                 if (opts->mnt_opts[i])
> > > 1021                         has_comma = strchr(opts->mnt_opts[i], ',');
> > >                                          ^^^^^^^^^^^^^^^^^^^^^^^^^
> > > And that is a NULL pointer dereference - but we just checked for
> > > opts->mnt_opts[i] for not NULL. 
> > 
> > Note, that there is not a NULL dereference. It dereferences 0x40 which
> > came in as %rdi. Looks like somebody assigned garbage in there.
> > 
> > Or a single bit mem error. Is memtest OK with this machine?
> Yes it ran fine for one cycle (about 2:15 hours).
> 
> Maybe memory in acpi S3 is not so stable? Is this possible?

Generally, it is, but I haven't seen it happen yet.  In theory, if the memory
chips are not refreshed appropriately while suspended, something like this may
happen.

Best,
Rafael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ