Message-ID: <20150908202315.GH20288@calimero.vinschen.de>
Date:	Tue, 8 Sep 2015 22:23:15 +0200
From:	Corinna Vinschen <vinschen@...hat.com>
To:	Francois Romieu <romieu@...zoreil.com>
Cc:	netdev@...r.kernel.org, David Miller <davem@...emloft.net>,
	pomidorabelisima@...il.com
Subject: Re: [PATCH net 3/3] r8169: increase the lifespan of the hardware
 counters dump area.

On Sep  8 02:02, Francois Romieu wrote:
> Francois Romieu <romieu@...zoreil.com> :
> [...]
> > Updated patch is on the way.
> 
> Fixed memcpy in patch 0001, moved counters allocation from open() 
> to probe(), returned open() to its original state but something is
> still wrong: the link does not come up.

I tested and debugged the attached patches.  Just as you noticed, the
interfaces (my test machine has two) don't come up at boot time and
subsequently I can also reproduce two kinds of crashes:

- Calling `ip link ... up' crashes the kernel in rtl_open like this:

[  138.031190]  [<ffffffff81670f92>] dump_stack+0x44/0x55
[  138.036311]  [<ffffffff810d92d5>] __setup_irq+0x515/0x580
[  138.041693]  [<ffffffffa006cf00>] ? rtl8169_gset_xmii+0x20/0x20 [r8169]
[  138.048284]  [<ffffffff810d94c4>] request_threaded_irq+0xf4/0x1a0
[  138.054357]  [<ffffffffa0075cf7>] rtl_open+0x3a7/0xab4 [r8169]
[...]

- Alternatively I can still reproduce the SEGV in rtl_remove_one
  when trying to rmmod the module, I just don't have the stack dump
  handy while writing this mail.  I can show it if needed.

I debugged this on and off the entire day (tweaking, compiling, rebooting,
kernel crash, rinse and repeat).

And the result of my debugging is totally crazy:

If I disable the call to rtl_init_counter_offsets in rtl_open, as in

  #if 0
	retval = rtl_init_counter_offsets(dev);
	if (retval < 0)
		netif_warn(tp, hw, dev, "counter reset/update failed\n");
  #endif

the interfaces come up just fine.

If I reenable the rtl_init_counter_offsets call in rtl_open, and reduce
the rtl_init_counter_offsets function to just this:

  static int rtl_init_counter_offsets(struct net_device *dev)
  {
	  return 1;
  }

then the interfaces refuse to come up, and a subsequent `ip link ... up'
crashes the kernel.

No, I do not understand this :(


Corinna
