| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070301161744.GB16344@2ka.mipt.ru>
Date: Thu, 1 Mar 2007 19:17:44 +0300
From: Evgeniy Polyakov <johnpol@....mipt.ru>
To: Eric Dumazet <dada1@...mosbay.com>
Cc: David Miller <davem@...emloft.net>, paul.moore@...com,
kaber@...sh.net, netdev@...r.kernel.org, acme@...stprotocols.net,
Eric Sesterhenn / Snakebyte <snakebyte@....de>
Subject: Additional run-tme check [Run-time kfree check for correct cache]
Due to slab poisoning after origianl freeing, skb->users will not allow
subsequent freeing to succeed and fire slab debugging, which ends up
with obscure bugs.
Patch based on Eric Sesterhenn's <snakebyte@....de> one, I changed
check to skb>truesize instead of skb->users.counter, since the latter in
theory can be different than simple integer containing structure.
--- linux/net/core/skbuff.c.orig 2007-02-28 11:34:13.865540564 +0100
+++ linux/net/core/skbuff.c 2007-03-01 13:42:05.633136591 +0100
@@ -407,6 +407,11 @@ void kfree_skb(struct sk_buff *skb)
{
if (unlikely(!skb))
return;
+#ifdef CONFIG_DEBUG_SLAB
+ /* check for double kfree_skb() */
+ WARN_ON(unlikely((skb->truesize & 0xFFFFFFFF) == 0x6b6b6b6b));
+#endif
+
if (likely(atomic_read(&skb->users) == 1))
smp_rmb();
else if (likely(!atomic_dec_and_test(&skb->users)))
--
Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists