Date:	Thu, 07 Jun 2012 09:47:08 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Dave Jones <davej@...hat.com>
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>, axboe@...nel.dk,
	Tom Herbert <therbert@...gle.com>
Subject: Re: vmsplice triggering bug in kfree.

On Thu, 2012-06-07 at 07:52 +0200, Eric Dumazet wrote:
> On Thu, 2012-06-07 at 06:40 +0200, Eric Dumazet wrote:
> > On Thu, 2012-06-07 at 06:27 +0200, Eric Dumazet wrote:
> > 
> > > Thanks Dave, I'll take a look today on this report.
> > > 
> > 
> > OK, trivial bug, I am testing a fix, thanks again.
> > 
> 
> Not sure if you can reproduce this bug easily; if so, could you test
> the following patch?

By the way, the following program triggers the bug instantly:

#define _GNU_SOURCE	/* for vmsplice(), splice() and F_SETPIPE_SZ */
#include <fcntl.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/uio.h>	/* struct iovec */

#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>

int pfd[2];

/* Resize the pipe back and forth while main() splices through it. */
void *worker(void *arg)
{
	unsigned int page_size = 4096;

	while (1) {
		fcntl(pfd[1], F_SETPIPE_SZ, 16 * page_size);
		fcntl(pfd[1], F_SETPIPE_SZ, 64 * page_size);
	}
}

char buffer[1024*1024];

int main(int argc, char *argv[])
{
	pthread_t tid;
	int res, fdnull = open("/dev/null", O_WRONLY);

	if (fdnull == -1) {
		perror("open");
		return 1;
	}
	if (pipe(pfd) == -1) {
		perror("pipe");
		return 1;
	}
	res = pthread_create(&tid, NULL, worker, NULL);
	if (res) {
		errno = res;
		perror("pthread_create");
		return 1;
	}

	/* Gift the buffer's pages to the pipe, then drain them to /dev/null. */
	while (1) {
		struct iovec iov[1];
		int wr;

		iov[0].iov_base = buffer;
		iov[0].iov_len = 1024*1024;
		wr = vmsplice(pfd[1], iov, 1, SPLICE_F_GIFT);
		if (wr > 0) {
			wr = splice(pfd[0], NULL,
				    fdnull, NULL,
				    wr, SPLICE_F_MOVE | SPLICE_F_MORE);
		}
	}
}

