lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Thu, 1 Mar 2007 19:17:44 +0300
From:	Evgeniy Polyakov <johnpol@....mipt.ru>
To:	Eric Dumazet <dada1@...mosbay.com>
Cc:	David Miller <davem@...emloft.net>, paul.moore@...com,
	kaber@...sh.net, netdev@...r.kernel.org, acme@...stprotocols.net,
	Eric Sesterhenn / Snakebyte <snakebyte@....de>
Subject: Additional run-tme check [Run-time kfree check for correct cache]

Due to slab poisoning after origianl freeing, skb->users will not allow
subsequent freeing to succeed and fire slab debugging, which ends up
with obscure bugs.

Patch based on Eric Sesterhenn's <snakebyte@....de> one, I changed
check to skb>truesize instead of skb->users.counter, since the latter in
theory can be different than simple integer containing structure.

--- linux/net/core/skbuff.c.orig	2007-02-28 11:34:13.865540564 +0100
+++ linux/net/core/skbuff.c	2007-03-01 13:42:05.633136591 +0100
@@ -407,6 +407,11 @@ void kfree_skb(struct sk_buff *skb)
 {
 	if (unlikely(!skb))
 		return;
+#ifdef CONFIG_DEBUG_SLAB
+	/* check for double kfree_skb() */
+	WARN_ON(unlikely((skb->truesize & 0xFFFFFFFF) == 0x6b6b6b6b));
+#endif
+
 	if (likely(atomic_read(&skb->users) == 1))
 		smp_rmb();
 	else if (likely(!atomic_dec_and_test(&skb->users)))

-- 
	Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists