| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Jan 2013 22:20:01 -0800
From: Ben Greear <greearb@...delatech.com>
To: netdev <netdev@...r.kernel.org>
Subject: Re: 3.7.5: lockdep disabled, then crash in skb_queue_tail.
On 01/29/2013 09:35 PM, Ben Greear wrote:
> This is from a slightly modified 3.7.5 kernel.
>
> Test case is 2 VAPs, 10 wifi stations, some 'veth' interfaces, etc. This
> appeared to happen during configuration of the interfaces, right after
> system boot.
>
> It seems impossible that the skb is null, but maybe it's some general
> corrupted memory bug or something...gah!
This was probably caused by the bug already fixed by the commit below.
Seems this just hasn't quite made it to the -stable release yet....
commit 1adb2e2b5f85023d17eb4f95386a57029df27c88
Author: Felix Fietkau <nbd@...nwrt.org>
Date: Wed Jan 9 16:16:53 2013 +0100
ath9k: fix double-free bug on beacon generate failure
When the next beacon is sent, the ath_buf from the previous run is reused.
If getting a new beacon from mac80211 fails, bf->bf_mpdu is not reset, yet
the skb is freed, leading to a double-free on the next beacon tx attempt,
resulting in a system crash.
Cc: stable@...r.kernel.org
Signed-off-by: Felix Fietkau <nbd@...nwrt.org>
Signed-off-by: John W. Linville <linville@...driver.com>
I've added this patch and will continue to test...
Thanks,
Ben
--
Ben Greear <greearb@...delatech.com>
Candela Technologies Inc http://www.candelatech.com
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists