| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Sep 2015 14:25:58 +0100 From: Rainer Weikusat <rweikusat@...ileactivedefense.com> To: Mathias Krause <minipli@...glemail.com> Cc: Rainer Weikusat <rweikusat@...ileactivedefense.com>, Jason Baron <jbaron@...mai.com>, netdev@...r.kernel.org, "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>, Eric Wong <normalperson@...t.net>, Eric Dumazet <eric.dumazet@...il.com>, Alexander Viro <viro@...iv.linux.org.uk>, Davide Libenzi <davidel@...ilserver.org>, Davidlohr Bueso <dave@...olabs.net>, Olivier Mauras <olivier@...ras.ch>, PaX Team <pageexec@...email.hu>, Linus Torvalds <torvalds@...ux-foundation.org>, "peterz\@infradead.org" <peterz@...radead.org>, "davem\@davemloft.net" <davem@...emloft.net> Subject: Re: List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket Mathias Krause <minipli@...glemail.com> writes: > On 30 September 2015 at 12:56, Rainer Weikusat <rweikusat@...ileactivedefense.com> wrote: >> Mathias Krause <minipli@...glemail.com> writes: >>> On 29 September 2015 at 21:09, Jason Baron <jbaron@...mai.com> wrote: >>>> However, if we call connect on socket 's', to connect to a new socket 'o2', we >>>> drop the reference on the original socket 'o'. Thus, we can now close socket >>>> 'o' without unregistering from epoll. Then, when we either close the ep >>>> or unregister 'o', we end up with this list corruption. Thus, this is not a >>>> race per se, but can be triggered sequentially. >>> >>> Sounds profound, but the reproducers calls connect only once per >>> socket. So there is no "connect to a new socket", no? >>> But w/e, see below. >> >> In case you want some information on this: This is a kernel warning I >> could trigger (more than once) on the single day I could so far spend >> looking into this (3.2.54 kernel): >> >> Sep 15 19:37:19 doppelsaurus kernel: WARNING: at lib/list_debug.c:53 list_del+0x9/0x30() >> Sep 15 19:37:19 doppelsaurus kernel: Hardware name: 500-330nam >> Sep 15 19:37:19 doppelsaurus kernel: list_del corruption. prev->next should be ffff88022c38f078, but was dead000000100100 >> [snip] > > Is that with Jason's patch or a vanilla v3.2.54? That's a kernel warning which occurred repeatedly (among other "link pointer disorganization" warnings) when I tested the "program with unknown behaviour" you wrote with the kernel I'm currently supporting a while ago (as I already wrote in the original mail). -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists