Message-ID: <20111109165158.GA2254@redhat.com>
Date:	Wed, 9 Nov 2011 17:51:59 +0100
From:	Stanislaw Gruszka <sgruszka@...hat.com>
To:	Tomáš Janoušek <tomi@...i.cz>
Cc:	linux-kernel@...r.kernel.org, Wey-Yi Guy <wey-yi.w.guy@...el.com>,
	linux-wireless@...r.kernel.org
Subject: Re: iwlagn: memory corruption with WPA enterprise

Hi

On Wed, Nov 09, 2011 at 04:54:11PM +0100, Tomáš Janoušek wrote:
> On Mon, Oct 31, 2011 at 05:03:43PM +0100, Stanislaw Gruszka wrote:
> > You may try debugging patches I posted a while ago:
> > http://marc.info/?l=linux-mm&m=131914560820378&w=2
> > http://marc.info/?l=linux-mm&m=131914560820293&w=2
> > http://marc.info/?l=linux-mm&m=131914560820317&w=2
> > 
> > With a bit of luck, the kernel should panic and dump a call-trace when
> > bad code starts to write at memory addresses where it is not supposed
> > to.
> 
> Thanks for your suggestions. I did as you told me, applied those 3 patches on
> top of 3.1 + net-next (the one from 29 Oct 2011), enabled all those things in
> config and passed corrupt_dbg=1 on cmdline, but the problem happens without
> anything being written to dmesg.

I just discovered that CONFIG_DEBUG_PAGEALLOC does not work as expected.
It leaves most of the free pages unprotected, hence unintentional writes to
them are not discovered. I'm attaching an additional patch, which should
make detection actually work.

If the kernel does not boot with corrupt_dbg=1, you may try to catch
the corruption without that option. The attached patch should make it possible;
however, having corrupt_dbg=1 increases the probability of the catch.

Thanks
Stanislaw


View attachment "0001-mm-remove-debug_pagealloc_enabled.patch" of type "text/plain" (3224 bytes)
