| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110420014221.GC26949@redhat.com> Date: Tue, 19 Apr 2011 21:42:22 -0400 From: Dave Jones <davej@...hat.com> To: netdev@...r.kernel.org Subject: ipqueue allocation failure. Not catastrophic, but ipqueue seems to be too trusting of what it gets passed from userspace, and passes it on down to the page allocator, where it will spew warnings if the page order is too high. __ipq_rcv_skb has several checks for lengths too small, but doesn't seem to have any for oversized ones. I'm not sure what the maximum we should check for is. I'll code up a diff if anyone has any ideas on a sane maximum. Dave ------------[ cut here ]------------ WARNING: at mm/page_alloc.c:2032 __alloc_pages_nodemask+0x17d/0x7e6() Hardware name: GA-MA78GM-S2H Modules linked in: rfcomm hidp can_raw can_bcm sctp libcrc32c ip_queue decnet pppoe pppox ppp_generic slhc can ipx p8022 p8023 phonet bluetooth rfkill a] Pid: 20393, comm: trinity Not tainted 2.6.39-rc4+ #6 Call Trace: [<ffffffff81056a9c>] warn_slowpath_common+0x83/0x9b [<ffffffff81056ace>] warn_slowpath_null+0x1a/0x1c [<ffffffff810ed743>] __alloc_pages_nodemask+0x17d/0x7e6 [<ffffffff811206c9>] ? check_object+0x174/0x1ae [<ffffffff81120a43>] ? check_slab+0xc7/0xd5 [<ffffffff813f42fe>] ? __alloc_skb+0x40/0x133 [<ffffffff813f42fe>] ? __alloc_skb+0x40/0x133 [<ffffffff814b7487>] kmalloc_large_node+0x56/0x95 [<ffffffff811235c1>] __kmalloc_node_track_caller+0x32/0x139 [<ffffffff81421b68>] ? netlink_ack+0x4a/0xe8 [<ffffffffa0500475>] ? ipq_rcv_skb+0x27/0x340 [ip_queue] [<ffffffff813f4333>] __alloc_skb+0x75/0x133 [<ffffffff81421b68>] netlink_ack+0x4a/0xe8 [<ffffffffa050076a>] ipq_rcv_skb+0x31c/0x340 [ip_queue] [<ffffffff8142174a>] netlink_unicast+0xec/0x156 [<ffffffff81421a33>] netlink_sendmsg+0x27f/0x2c0 [<ffffffff813ed76c>] __sock_sendmsg+0x69/0x75 [<ffffffff813ed834>] sock_aio_write+0xbc/0xcc [<ffffffff8113242b>] do_sync_write+0xbf/0xff [<ffffffff81206e18>] ? security_file_permission+0x2e/0x33 [<ffffffff81132861>] ? rw_verify_area+0xb6/0xd3 [<ffffffff81132b02>] vfs_write+0xb6/0xf6 [<ffffffff8113400b>] ? fget_light+0x3a/0xa1 [<ffffffff81132cf6>] sys_write+0x4d/0x74 [<ffffffff814c5d82>] system_call_fastpath+0x16/0x1b ---[ end trace cd56dc75cfeab436 ]--- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists