| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110927201500.GA27713@redhat.com>
Date: Tue, 27 Sep 2011 16:15:00 -0400
From: Dave Jones <davej@...hat.com>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org
Subject: Re: __pskb_pull_tail oops from 2.6.35
On Tue, Sep 27, 2011 at 04:08:04PM -0400, David Miller wrote:
> From: Dave Jones <davej@...hat.com>
> Date: Tue, 27 Sep 2011 16:03:28 -0400
>
> > A user just reported this on a fairly old kernel (running the latest -longterm patch).
> > I had a look through net/core/skbuff.c since 2.6.35, and didn't see anything obvious.
> > Does this look familiar to anyone ?
>
> I would say that something far outside of __pskb_pull_tail() is corrupting the
> SKB state. He has a bunch of netfilter stuff loaded so the possibilities are
> endless :-)
>
> Any chance to figure out exactly what NULL dereference happens inside of
> __pskb_pull_tail()?
It looks like it died in put_page..
<1>[ 262.574991] IP: [<ffffffff810dca57>] put_page+0x10/0x7c
which is only called in one place..
1267 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1268 if (skb_shinfo(skb)->frags[i].size <= eat) {
1269 put_page(skb_shinfo(skb)->frags[i].page);
1270 eat -= skb_shinfo(skb)->frags[i].size;
1271 } else {
Dave
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists