lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 15 Dec 2007 23:56:04 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	"Miles Lane" <miles.lane@...il.com>
Cc:	Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: Fw: [PACKET]: Fix /proc/net/packet crash due to bogus private
 pointer

On Sun, 16 Dec 2007 01:37:01 -0500 "Miles Lane" <miles.lane@...il.com> wrote:
>

argh, please don't use linux-net.  It's basically dead afaik.

Suitable ccs restored.

> > On Sun, Dec 16, 2007 at 11:07:07AM +0800, Herbert Xu wrote:
> > >
> > > I suspect namespace borkage.  But just because you pin-pointed
> > > my patch I'll try to track it down :)
> >
> > Surprise surprise.  The namespace seq patch missed two spots in
> > AF_PACKET.
> >
> > [PACKET]: Fix /proc/net/packet crash due to bogus private pointer
> >
> > The seq_open_net patch changed the meaning of seq->private.
> > Unfortunately it missed two spots in AF_PACKET, which still
> > used the old way of dereferencing seq->private, thus causing
> > weird and wonderful crashes when reading /proc/net/packet.
> >
> > This patch fixes them.
> >
> > Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
> >
> > diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
> > index 485af56..43e49f4 100644
> > --- a/net/packet/af_packet.c
> > +++ b/net/packet/af_packet.c
> > @@ -1878,7 +1878,7 @@ static void *packet_seq_start(struct seq_file *seq, loff_t *pos)
> >
> >  static void *packet_seq_next(struct seq_file *seq, void *v, loff_t *pos)
> >  {
> > -       struct net *net = seq->private;
> > +       struct net *net = seq_file_net(seq);
> >         ++*pos;
> >         return  (v == SEQ_START_TOKEN)
> >                 ? sk_head(&net->packet.sklist)
> > @@ -1887,7 +1887,7 @@ static void *packet_seq_next(struct seq_file *seq, void *v, loff_t *pos)
> >
> >  static void packet_seq_stop(struct seq_file *seq, void *v)
> >  {
> > -       struct net *net = seq->private;
> > +       struct net *net = seq_file_net(seq);
> >         read_unlock(&net->packet.sklist_lock);
> >  }
> >
>
> ...
>
> 
> Hmm.  I tried compiling again with this patch applied and lockdep
> turned back on, and got the following (I will try again with lockdep
> turned back off):
> 
> Dec 15 13:44:39 syntropy kernel: process `cat' is using deprecated
> sysctl (syscall) net.ipv6.neigh.default.retrans_time; Use
> net.ipv6.neigh.default.retrans_time_ms instead.
> Dec 15 13:44:39 syntropy kernel:
> Dec 15 13:44:39 syntropy kernel: =====================================
> Dec 15 13:44:39 syntropy kernel: [ BUG: bad unlock balance detected! ]
> Dec 15 13:44:39 syntropy kernel: -------------------------------------
> Dec 15 13:44:39 syntropy kernel: cat/4819 is trying to release lock
> (kkkkkkk<A5><BB><BB><BB><BB>Ȧ<FD><DF>) at:
> Dec 15 13:44:39 syntropy kernel: [packet_seq_stop+0xe/0x10]
> packet_seq_stop+0xe/0x10
> Dec 15 13:44:39 syntropy kernel: but there are no more locks to release!
> Dec 15 13:44:39 syntropy kernel:
> Dec 15 13:44:39 syntropy kernel: other info that might help us debug this:
> Dec 15 13:44:39 syntropy kernel: 2 locks held by cat/4819:
> Dec 15 13:44:39 syntropy kernel:  #0:  (&p->lock){--..}, at:
> [crypto_algapi:seq_read+0x25/0x191c1] seq_read+0x25/0x26f

So your kernel is still feeding garbage into lockdep.

Are you really really sure that kernel had Herbert's patch applied?

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists