lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jul 2009 16:41:18 +0200 From: Oliver Hartkopp <oliver@...tkopp.net> To: Lothar Waßmann <LW@...O-electronics.de> CC: Herbert Xu <herbert@...dor.apana.org.au>, davem@...emloft.net, netdev@...r.kernel.org, urs.thuermann@...kswagen.de, Urs Thuermann <urs@...ogud.escape.de> Subject: Re: use after free bug in socket code Lothar Waßmann wrote: > Oliver Hartkopp writes: >> >> Would you like to prepare a proper patch and post it on netdev? >> > I'll do. Fine. > I would also submit a second patch to add an appropriate MODULE_ALIAS > to the protocol drivers, so they can be autoloaded when compiled as > module: > diff -ur linux-2.6.30/net/can/bcm.c linux-2.6.30-karo/net/can/bcm.c > --- linux-2.6.30/net/can/bcm.c 2009-06-10 05:05:27.000000000 +0200 > +++ linux-2.6.30-karo/net/can/bcm.c 2009-07-12 20:12:38.000000000 +0200 > @@ -75,6 +75,7 @@ > MODULE_DESCRIPTION("PF_CAN broadcast manager protocol"); > MODULE_LICENSE("Dual BSD/GPL"); > MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@...kswagen.de>"); > +MODULE_ALIAS("can-proto-2"); > > /* easy access to can_frame payload */ > static inline u64 GET_U64(const struct can_frame *cp) > diff -ur linux-2.6.30/net/can/raw.c linux-2.6.30-karo/net/can/raw.c > --- linux-2.6.30/net/can/raw.c 2009-06-10 05:05:27.000000000 +0200 > +++ linux-2.6.30-karo/net/can/raw.c 2009-07-12 20:12:29.000000000 +0200 > @@ -62,6 +62,7 @@ > MODULE_DESCRIPTION("PF_CAN raw protocol"); > MODULE_LICENSE("Dual BSD/GPL"); > MODULE_AUTHOR("Urs Thuermann <urs.thuermann@...kswagen.de>"); > +MODULE_ALIAS("can-proto-1"); > > #define MASK_ALL 0 > Good idea. I currently added these aliases somewhere in my /etc/modprobe.d directory. But if this can be done by the kernel itself, we can reduce the distro-depended configuation effort. You can add my Acked-by: Oliver Hartkopp <oliver@...tkopp.net> to both discussed patches directly. > >> ps. This code section was stable for more than three years now. Can you tell >> me, how you kicked your system to run into this problem? >> > I was working on a chip driver for the i.MX25 flexcan controller. The > bug was visible due to CONFIG_DEBUG_SLAB=y which makes sure that > memory is poisoned with a special pattern upon being freed. Nice hint! I will enable this in my config also. > > The situation where this triggers a bug is when the chip driver's > hard_start_xmit function returns a NETDEV_TX_BUSY and subsequently the > can interface is deconfigured. > > Maybe you could try this on different hardware? Will do when i'm back at work ;-) Many Thanks, Oliver -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists