| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 Oct 2010 17:11:09 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Joe Buehler <aspam@....net>
Cc: netdev@...r.kernel.org
Subject: Re: kernel panic in fib_rules_lookup [2.6.27.7 vendor-patched]
Le samedi 23 octobre 2010 à 05:44 +0200, Eric Dumazet a écrit :
> Le vendredi 22 octobre 2010 à 16:30 -0400, Joe Buehler a écrit :
> > Eric Dumazet wrote:
> >
> > > Could you provide a disassembly of function fib_rules_lookup ?
> >
> > Try looking in http://68.100.141.95:3000/linux-crash/. There should be
> > the source file I am using (not current release if you recall), the .o,
> > the disassembly, and a -S compile that makes deducing the line numbers a
> > little easier.
> >
>
> Hmm, I'll take a look sometime in the future, thanks
Did that... Hmm...
I am wondering if smp_rcu_assign_pointer() (or more precisely smp_wmb())
is correctly implemented on octeon platform.
Try to add in fib_nl_newrule() right after the kzalloc bloc :
rule = kzalloc(ops->rule_size, GFP_KERNEL);
if (rule == NULL) {
err = -ENOMEM;
goto errout;
}
+ rule->list.next = LIST_POISON1;
+ rule->list.prev = LIST_POISON2;
So that we can actually see if the NULL dereference bug you hit becomes
a "LIST_POISON1" dereference bug...
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists