| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080718090951.GP6875@elte.hu> Date: Fri, 18 Jul 2008 11:09:51 +0200 From: Ingo Molnar <mingo@...e.hu> To: Pekka Enberg <penberg@...helsinki.fi> Cc: Evgeniy Polyakov <johnpol@....mipt.ru>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, Vegard Nossum <vegard.nossum@...il.com>, "Rafael J. Wysocki" <rjw@...k.pl> Subject: Re: [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison overwritten * Pekka Enberg <penberg@...helsinki.fi> wrote: > On Fri, Jul 18, 2008 at 8:46 AM, Evgeniy Polyakov <johnpol@....mipt.ru> wrote: > > Does SLUB have a debug check at freeing time? If so, how does it work > > and why didn't it caught use after free there? > > You can't detect use after free before the object is actually free'd > ;-) yeah, we want to check use-after free at the next allocation point - i.e. as late as possible to gather all corruptions that happened meanwhile. We could in theory have a SLUB debug mode where a SCHED_IDLE kernel thread would periodically check all free objects (of that CPU) in the background to ensure their integrity. That would catch corruptions sooner, with a possibly still meaningful context to print out. [right after the IRQ or process that corrupts them finishes running] It could also be hooked into ftrace to print out the last few hundred kernel function calls executed prior any corruption. ftrace/slub-debug plugin perhaps? Ingo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists