lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 25 Aug 2009 09:27:39 +0100
From:	Catalin Marinas <catalin.marinas@....com>
To:	Pekka Enberg <penberg@...helsinki.fi>
Cc:	Vegard Nossum <vegard.nossum@...il.com>,
	Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org
Subject: Re: WARNING: kmemcheck: Caught 32-bit read from uninitialized
	memory  (f6f6e1a4), by kmemleak's scan_block()

On Tue, 2009-08-25 at 11:08 +0300, Pekka Enberg wrote:
> On Tue, 2009-08-25 at 10:04 +0200, Vegard Nossum wrote:
> > 2009/8/25 Ingo Molnar <mingo@...e.hu>:
> > > FYI, -tip testing triggered the following kmemcheck warning in
> > > kmemleak:
> > >
> > > PM: Adding info for No Bus:vcsa7
> > > WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (f6f6e1a4)
> > > d873f9f600000000c42ae4c1005c87f70000000070665f666978656400000000
> > >  i i i i u u u u i i i i i i i i i i i i i i i i i i i i i u u u
[...]
> > Already the patch to make kmemcheck and kmemleak mutually exclusive is
> > underway. It is not surprising that kmemleak is scanning uninitialized
> > memory. But if you say that you have tried it before, it is strange
> > that it didn't appear until now.
> 
> Why isn't it surprising? Yes, it's non-fatal for kmemleak to scan
> uninitialized memory but we could be looking at non-initialized struct
> member that's a bug waiting to happen elsewhere in the code (that
> doesn't trigger often).

It isn't surprising to me either. Kmemleak scans the memory periodically
but it cannot know whether such memory was initialised or not to avoid
scanning it. So I would expect such warnings if both kmemleak and
kmemcheck are enabled. Scanning uninitialised memory is fine with
kmemleak, it just increases the number of false negatives (with
SLAB_DEBUG enabled, however, the allocated blocks are pre-initialised).

So kmemleak and kmemcheck should be exclusive, unless there is a way for
kmemleak to validate an address with kmemcheck before deciding whether
to scan a memory block.

-- 
Catalin

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ