| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.00.1104200901010.8634@router.home> Date: Wed, 20 Apr 2011 09:04:08 -0500 (CDT) From: Christoph Lameter <cl@...ux.com> To: Eric Dumazet <eric.dumazet@...il.com> cc: Andrew Morton <akpm@...ux-foundation.org>, netdev@...r.kernel.org, bugzilla-daemon@...zilla.kernel.org, bugme-daemon@...zilla.kernel.org, casteyde.christian@...e.fr, Vegard Nossum <vegardno@....uio.no>, Pekka Enberg <penberg@...nel.org> Subject: Re: [Bugme-new] [Bug 33502] New: Caught 64-bit read from uninitialized memory in __alloc_skb On Wed, 20 Apr 2011, Eric Dumazet wrote: > Le mardi 19 avril 2011 à 16:18 -0500, Christoph Lameter a écrit : > > On Tue, 19 Apr 2011, Eric Dumazet wrote: > > > > > > Ugg.. Isnt there some way to indicate to kmemcheck that a speculative > > > > access is occurring? > > > > > > Yes, here is a totally untested patch (only compiled here), to keep > > > kmemcheck & cmpxchg_double together. > > > > Ok looks somewhat saner. Why does DEBUG_PAGEALLOC need this? Pages are > > never freed as long as a page is frozen and a page needs to be frozen to > > be allocated from. I dont see how we could reference a free page. > > We run lockless and IRQ enabled, are you sure we cannot at this point : > > CPU0 - Receive an IRQ > CPU0 - Allocate this same object consume the page(s) containing this object > CPU0 - Pass this object/memory to another cpu1 > CPU1 - Free memory and free the page(s) > CPU0 - Return from IRQ > CPU0 - Access now unreachable memory ? True this can occur.
Powered by blists - more mailing lists