Date:	Fri, 30 Mar 2007 11:37:53 +0400
From:	Evgeniy Polyakov <johnpol@....mipt.ru>
To:	Philipp Reisner <philipp.reisner@...bit.com>
Cc:	netdev@...r.kernel.org
Subject: Re: Issue with connector/netlink

Hi Philipp.

On Thu, Mar 29, 2007 at 08:47:18PM +0200, Philipp Reisner (philipp.reisner@...bit.com) wrote:
> It happens in netlink_broadcast() which seems to get called
> from drbd_connector_callback(). Drbd_connector_callback() 
> calls cn_netlink_send(), which in turn calls netlink_broadcast().
>    I guess this little detail is missing from the trace since
>    the call to netlink_broadcast() happens with the return
>    statement in cn_netlink_send().
> 
> netlink_broadcast() in turn calls the inlined function
> do_one_broadcast(), in which the OOPS happens. It is the test_bit()
> call!
> 
> static inline int do_one_broadcast(struct sock *sk,
>                                    struct netlink_broadcast_data *p)
> {
>         struct netlink_sock *nlk = nlk_sk(sk);
>         int val;
> 
>         if (p->exclude_sk == sk)
>                 goto out;
> 
>         if (nlk->pid == p->pid || p->group - 1 >= nlk->ngroups ||
>             !test_bit(p->group - 1, nlk->groups)) <=<<==<<<===<<<<====<<<<<======

That means nlk is broken, which seems to be very strange, probably it is
related to double freeing somewhere (or wrong are freeing).
Let's first assume connector is guilty, can you reproduce the crash with
the following patch:

diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
index a905f78..aed7dd7 100644
--- a/drivers/connector/connector.c
+++ b/drivers/connector/connector.c
@@ -146,6 +146,7 @@ static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), v
 							&__cbq->work))
 					err = 0;
 			} else {
+#if 0
 				struct cn_callback_data *d;
 				
 				err = -ENOMEM;
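Review bot: with the #if 0 placed directly after "} else {", the declaration of d and the "err = -ENOMEM" default are both compiled out, so err is no longer assigned anywhere in this branch and keeps whatever value it held before the branch was entered. For a test build it would be clearer to set err explicitly ahead of the #if 0, and to add a comment saying the block is disabled only to check whether this path is involved in the crash.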
@@ -169,6 +170,7 @@ static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), v
 						err = -EINVAL;
 					}
 				}
+#endif
 			}
 			break;
 		}
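Review bot: the #endif just before the closing brace of the else leaves an empty "else { }" body, and nothing links it to the #if 0 in the previous hunk, which the hunk headers place more than twenty lines earlier (146 versus 169). The "err = -EINVAL" assignment visible just above it is disabled along with the rest of the block. A trailing comment on the #endif, for example /* #if 0 (debug) */, would make the pairing obvious and mark the change as a temporary diagnostic.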

-- 
	Evgeniy Polyakov