| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Oct 2013 18:22:21 +0800 From: "Wang, Yalin" <Yalin.Wang@...ymobile.com> To: 'Will Deacon' <will.deacon@....com> CC: "'linux-arm-msm-owner@...r.kernel.org'" <linux-arm-msm-owner@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Peng, Arthur" <Arthur.Peng@...ymobile.com>, "Zhang, Bojie" <Bojie.Zhang@...ymobile.com> Subject: RE: BUG report about ipt_do_table( ) Hi Will, Thanks for your reply . This is the kernel that we use: https://www.codeaurora.org/cgit/quic/la/kernel/msm/tree/net/ipv4/netfilter/ip_tables.c?id=M8960AAAAANLYA26144005 https://www.codeaurora.org/cgit/quic/la/kernel/msm/tree/net/netfilter/x_tables.c?id=M8960AAAAANLYA26144005 I am sorry that I can't use the latest kernel to reproduce This BUG, make the new kernel running on our Platform is not easy, and need do a lot of porting work . I have compare our kernel with 3.12 , Ip_tables.c x_tables.c is the same , So the BUG should can also be reproduce on 3.12 (just my guess). I make a patch for this BUG, but have not test it: /-----------------------------------------------------------------------/ diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 8d987c3..2353bcc 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -819,6 +819,12 @@ xt_replace_table(struct xt_table *table, return NULL; } + /* + * make sure the change is write to the memory + * so that the other CPU can see the changes + */ + mb(); + /* Do the substitution. */ local_bh_disable(); private = table->private; /-----------------------------------------------------------------------/ I add a memory barrier before update table->private . Make sure the other CPU can see the update memory correctly. When the BUG happened, the other CPU can get the new private (struct xt_table_info *), But sometimes it see private->jumpstack == NULL , or sometimes it see private->jumpstack[cpu] == NULL , Our several crash dumps show different crash point . This is caused by CPU write buffer ? It has written table->private , but has not update private-> members (still in write buffer) , This is really out of order write, will this happened on modern armv7 CPU? Especially like cortex-a15 , it can execute code out of order . Thanks you . -----Original Message----- From: Will Deacon [mailto:will.deacon@....com] Sent: Thursday, October 10, 2013 5:48 PM To: Wang, Yalin Cc: 'linux-arm-msm-owner@...r.kernel.org'; linux-kernel@...r.kernel.org Subject: Re: BUG report about ipt_do_table( ) On Thu, Oct 10, 2013 at 06:16:05AM +0100, Wang, Yalin wrote: > Dear all, Hello, > We encounter a crash in ipt_do_table( ) function During our stability > test . > > The CPU is qcom msm8960 / dual core , linux kernel version is 3.4 I appreciate that this is a mammoth task, but can you reproduce this failure with a mainline kernel (3.12-rc4)? If you suspect a synchronisation issue in core code, I'm afraid you'll have to show the failure with the current sources. Will -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists