lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Sep 2018 10:39:34 -0400 From: tedheadster <tedheadster@...il.com> To: Daniel Borkmann <daniel@...earbox.net> Cc: Matthew Whitehead <whiteheadm@....org>, Alexei Starovoitov <alexei.starovoitov@...il.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, netdev <netdev@...r.kernel.org>, Ingo Molnar <mingo@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Alexei Starovoitov <ast@...nel.org> Subject: Re: Allocation failure with subsequent kernel crash > I've been looking into it a bit today and still am. Given you've seen > this on x86_32 and also on older kernels, I presume JIT was not involved > (/proc/sys/net/core/bpf_jit_enable is 0). Do you run any specific workload > until you trigger this (e.g. fuzzer on BPF), or any specific event that > triggers at that time after ~5hrs? Or only systemd on idle machine? Have > you managed to reproduce this also elsewhere? Bisect seems indeed painful > but would help tremendously; perhaps also dumping the BPF insns that are > loaded at that point in time. Daniel, I've been trying for days to bisect this, but it is hard to reproduce. However, I did have a question. The crash is happening when bpf_prog_load() hits an error case and then jumps to free_used_maps(prog->aux). However, I don't see an obvious place where the 'aux' field gets initialized in bpf_prog_load(). So it might easily be zero/null. Could that explain the crash due to "unable to handle kernel NULL pointer dereference"? - Matthew
Powered by blists - more mailing lists