lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 16 Sep 2009 20:44:43 +0200
From:	"Lars Ericsson" <Lars_Ericsson@...ia.com>
To:	<David.Woodhouse@...el.com>, <sachinp@...ibm.com>
Cc:	<linux-kernel@...r.kernel.org>
Subject: Oops in drivers\base\firmware_class

Hi,

I have discovered a Oops in the firmware_loading_store function. 
At first it looks like a timing issue but after adding a BUG_ON test,
it fails every time. 

drivers\base\firmware_class:
------------------------------
 541 01c0 F6463401 	testb $1,52(%esi)
 542 01c4 0F843FFF 	je .L38
 542      FFFF
 543              	.loc 1 174 0
 544 01ca 8B4630   	movl 48(%esi),%eax
 545 01cd 8B4004   	movl 4(%eax),%eax	<---- Oops
 546 01d0 E8FCFFFF 	call vfree
 546      FF

The code that fails was introduced in commit
6e03a201bbe8137487f340d26aa662110e324b20 

Attached you will find the:
- Oops with the vanilla 2.6.31
- The BUG_ON patch
- Oops with the patched 2.6.31

/Lars

View attachment "Vanilla_Opps.txt" of type "text/plain" (2375 bytes)

Download attachment "BUG_ON_firmware_class.c.patch" of type "application/octet-stream" (652 bytes)

View attachment "BUG_ON_Oops.txt" of type "text/plain" (2209 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ