lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 15 Oct 2013 09:53:39 +0200
From:	Knut Petersen <Knut_Petersen@...nline.de>
To:	Ingo Molnar <mingo@...nel.org>,
	Frederic Weisbecker <fweisbec@...il.com>
CC:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>, Greg KH <greg@...ah.com>,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [BUG 3.12.rc4] Oops: unable to handle kernel paging request during
 shutdown

On 15.10.2013 08:40, Ingo Molnar wrote:
> * Frederic Weisbecker <fweisbec@...il.com> wrote:
>
>> I've been thinking that CONFIG_DEBUG_LIST could help. Unfortunately it's
>> good to spot list APIs misuse but, if Linus is right, the problem may be
>> that the list belongs to an object that has been freed, and I believe
>> that won't detect such a thing.
> Use-after free should be reliably detectable via CONFIG_DEBUG_PAGEALLOC=y.

Enabled.

Hmm ... I think i spotted a KConfig bug.  In mm/Kconfig.debug I read:

config DEBUG_PAGEALLOC
         bool "Debug page memory allocations"
         depends on DEBUG_KERNEL
         depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC
         depends on !KMEMCHECK
         select PAGE_POISONING if !ARCH_SUPPORTS_DEBUG_PAGEALLOC
         select PAGE_GUARD if ARCH_SUPPORTS_DEBUG_PAGEALLOC
         ---help---
           Unmap pages from the kernel linear mapping after free_pages().
           This results in a large slowdown, but helps to find certain types
           of memory corruption.

           For architectures which don't enable ARCH_SUPPORTS_DEBUG_PAGEALLOC,
           fill the pages with poison patterns after free_pages() and verify
           the patterns before alloc_pages().  Additionally,
           this option cannot be enabled in combination with hibernation as
           that would result in incorrect warnings of memory corruption after
           a resume because free pages are not saved to the suspend image.


Either the description or the "depends" line that includes !HIBERNATION is wrong. Maybe

         depends on DEBUG_KERNEL
-        depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC
+        depends on !HIBERNATION && ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC
         depends on !KMEMCHECK

is correct, at least does not allow HIBERNATION and DEBUG_PAGEALLOC to be enabled simultaneously.

>
> A couple of years ago I wrote a list debugging beast that would catch
> use-after-free mishaps (sent it to lkml too IIRC), but it was a bit
> complex and I never found the time to nurse it upstream.
>
> Thanks,
>
> 	Ingo
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists