lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Mar 2007 11:37:53 +0400 From: Evgeniy Polyakov <johnpol@....mipt.ru> To: Philipp Reisner <philipp.reisner@...bit.com> Cc: netdev@...r.kernel.org Subject: Re: Issue with connector/netlink Hi Philipp. On Thu, Mar 29, 2007 at 08:47:18PM +0200, Philipp Reisner (philipp.reisner@...bit.com) wrote: > It happens in netlink_broadcast() which seems to get called > from drbd_connector_callback(). Drbd_connector_callback() > calls cn_netlink_send(), which in turn calls netlink_broadcast(). > I guess this little detail is missing from the trace since > the call to netlink_broadcast() happens with the return > statement in cn_netlink_send(). > > netlink_broadcast() in turn calls the inlined function > do_one_broadcast(), in which the OOPS happens. It is the test_bit() > call! > > static inline int do_one_broadcast(struct sock *sk, > struct netlink_broadcast_data *p) > { > struct netlink_sock *nlk = nlk_sk(sk); > int val; > > if (p->exclude_sk == sk) > goto out; > > if (nlk->pid == p->pid || p->group - 1 >= nlk->ngroups || > !test_bit(p->group - 1, nlk->groups)) <=<<==<<<===<<<<====<<<<<====== That means nlk is broken, which seems to be very strange, probably it is related to double freeing somewhere (or vrong are freeing). Let's first assume connector is guilty, can you reproduce crash with following patch: diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c index a905f78..aed7dd7 100644 --- a/drivers/connector/connector.c +++ b/drivers/connector/connector.c @@ -146,6 +146,7 @@ static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), v &__cbq->work)) err = 0; } else { +#if 0 struct cn_callback_data *d; err = -ENOMEM; @@ -169,6 +170,7 @@ static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), v err = -EINVAL; } } +#endif } break; } -- Evgeniy Polyakov - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists