lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAHhAz+gitjumBDuHznp5FMP-zEyaSnxiC6-S-ji5pzLFOSRb0w@mail.gmail.com>
Date:	Thu, 3 Sep 2015 09:54:39 +0530
From:	Muni Sekhar <munisekharrms@...il.com>
To:	Jeff Epler <jepler@...ythonic.net>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: kfree a pointer "from the middle" causing protection faults

On Wed, Sep 2, 2015 at 9:39 PM, Jeff Epler <jepler@...ythonic.net> wrote:
> On Wed, Sep 02, 2015 at 08:32:15PM +0530, Muni Sekhar wrote:
>>  [ Please keep me in CC as I'm not subscribed to the list]
>>
>> Hello,
>>
>>
>> I am getting protection faults in different kernel modules if I try to
>> free a pointer "from the middle" for example, look at the following
>> code:
> [..]
>
> Most memory allocators require the pointer eventually passed to the
> freeing function is the same pointer as the one returned from the
> allocating function.  This is true for libc malloc/free, for instance.
> As far as I know, it is true for the Linux allocators such as kzalloc.
> The bug lies in whatever part of linux makes the invalid kfree call.
>
> I have not found any documentation that kernel kzalloc/kfree allow
> passing a pointer "from the middle".  For instance,
>     These routines are used to dynamically request pointer-aligned chunks of
>     memory, like malloc and free do in userspace
>     https://www.kernel.org/doc/htmldocs/kernel-hacking/routines-kmalloc.html
>
> If the faulty code that you allude to is in the Linux source then please
> say what it is so that developers can fix it.  If it's an out of source
> module or kernel patch then contact the supplier of that code.

The faulty code mentioned above is not in the Linux source, I noticed
this behaviour during testing our own module. Thanks for the
clarification Jeff.

>
> Jeff
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ