lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160112102106.GA20507@1wt.eu>
Date:	Tue, 12 Jan 2016 11:21:06 +0100
From:	Willy Tarreau <w@....eu>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Byungchul Park <byungchul.park@....com>, stable@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [STABLE] kernel oops which can be fixed by peterz's patches

Hi Peter,

On Tue, Jan 05, 2016 at 10:14:44AM +0100, Peter Zijlstra wrote:
> On Tue, Jan 05, 2016 at 05:52:11PM +0900, Byungchul Park wrote:
> > 
> > Upstream commits to be applied
> > ==============================
> > 
> > e3fca9e: sched: Replace post_schedule with a balance callback list
> > 4c9a4bc: sched: Allow balance callbacks for check_class_changed()
> > 8046d68: sched,rt: Remove return value from pull_rt_task()
> > fd7a4be: sched, rt: Convert switched_{from, to}_rt() / prio_changed_rt() to balance callbacks
> > 0ea60c2: sched,dl: Remove return value from pull_dl_task()
> > 9916e21: sched, dl: Convert switched_{from, to}_dl() / prio_changed_dl() to balance callbacks
> > 
> > The reason why these should be applied
> > ======================================
> > 
> > Our products developed using 3.16 kernel, faced a kernel oops which can
> > be fixed with above upstreamed patches. The oops is caused by "Unable
> > to handle kernel NULL pointer dereference at virtual address 000000xx"
> > in the call path,
> > 
> > __sched_setscheduler()
> > 	check_class_changed()
> > 		switched_to_fair()
> > 			check_preempt_curr()
> > 				check_preempt_wakeup()
> > 					find_matching_se()
> > 						is_same_group()
> > 
> > by "if (se->cfs_rq == pse->cfs_rq) // se, pse == NULL" condition.
> 
> So the reason I didn't mark them for stable is that they were non
> trivial, however they've been in for a while now and nothing broke, so I
> suppose backporting them isn't a problem.

I didn't check the code, but for older kernels, can't we simply get rid
of the issue by adding an extra test on se/pse before dereferencing it,
even if that implies a suboptimal fix which is always better than an oops ?
I must confess I don't feel at ease with backporting so many sensitive
changes into 2.6.32!

Thanks,
Willy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ