lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 26 Jan 2018 03:23:42 +0000
From:   "Li,Rongqing" <lirongqing@...du.com>
To:     Eric Dumazet <eric.dumazet@...il.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     "edumazet@...gle.com" <edumazet@...gle.com>
Subject: 答复: 答复: [PATCH] net: clean the sk_frag.page of new cloned socket



> -----邮件原件-----
> 发件人: Eric Dumazet [mailto:eric.dumazet@...il.com]
> 发送时间: 2018年1月26日 11:14
> 收件人: Li,Rongqing <lirongqing@...du.com>; netdev@...r.kernel.org
> 抄送: edumazet@...gle.com
> 主题: Re: 答复: [PATCH] net: clean the sk_frag.page of new cloned socket
> 
> On Fri, 2018-01-26 at 02:09 +0000, Li,Rongqing wrote:
> 
> >
> > crash> bt 8683
> > PID: 8683   TASK: ffff881faa088000  CPU: 10  COMMAND: "mynode"
> >  #0 [ffff881fff145e78] crash_nmi_callback at ffffffff81031712
> >  #1 [ffff881fff145e88] nmi_handle at ffffffff816cafe9
> >  #2 [ffff881fff145ec8] do_nmi at ffffffff816cb0f0
> >  #3 [ffff881fff145ef0] end_repeat_nmi at ffffffff816ca4a1
> >     [exception RIP: _raw_spin_lock_irqsave+62]
> >     RIP: ffffffff816c9a9e  RSP: ffff881fa992b990  RFLAGS: 00000002
> >     RAX: 0000000000004358  RBX: ffff88207ffd7e80  RCX:
> 0000000000004358
> >     RDX: 0000000000004356  RSI: 0000000000000246  RDI:
> ffff88207ffd7ee8
> >     RBP: ffff881fa992b990   R8: 0000000000000000   R9:
> 00000000019a16e6
> >     R10: 0000000000004d24  R11: 0000000000004000  R12:
> 0000000000000242
> >     R13: 0000000000004d24  R14: 0000000000000001  R15:
> 0000000000000000
> >     ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
> > --- <NMI exception stack> ---
> >  #4 [ffff881fa992b990] _raw_spin_lock_irqsave at ffffffff816c9a9e
> >  #5 [ffff881fa992b998] get_page_from_freelist at ffffffff8113ce5f
> >  #6 [ffff881fa992ba70] __alloc_pages_nodemask at ffffffff8113d15f
> >  #7 [ffff881fa992bba0] alloc_pages_current at ffffffff8117ab29
> >  #8 [ffff881fa992bbe8] sk_page_frag_refill at ffffffff815dd310
> >  #9 [ffff881fa992bc18] tcp_sendmsg at ffffffff8163e4f3
> > #10 [ffff881fa992bcd8] inet_sendmsg at ffffffff81668434
> > #11 [ffff881fa992bd08] sock_sendmsg at ffffffff815d9719
> > #12 [ffff881fa992be58] SYSC_sendto at ffffffff815d9c81
> > #13 [ffff881fa992bf70] sys_sendto at ffffffff815da6ae
> > #14 [ffff881fa992bf80] system_call_fastpath at ffffffff816d2189
> >
> 
> Note that tcp_sendmsg() does not use sk->sk_frag, but the per task page.
> 
> Unless something changes sk->sk_allocation, which a user application can
> not do.
> 
> Are you using a pristine upstream kernel ?

No

I do not know how to reproduce my bug, I find it twice online.

-RongQing

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ