From: Eric Sesterhenn <snakebyte@gmx.de>
To: Chris Wright <chrisw@sous-sol.org>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>,
linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
William Lee Irwin III <wli@holomorphy.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vegard Nossum <vegard.nossum@gmail.com>
Subject: Re: Redzone overwritten with CONFIG_SECURITY
Date: Wed, 28 May 2008 12:03:57 +0200 [thread overview]
Message-ID: <20080528100357.GA2510@alice> (raw)
In-Reply-To: <20080527174738.GZ30402@sequoia.sous-sol.org>
* Chris Wright (chrisw@sous-sol.org) wrote:
> * Pekka Enberg (penberg@cs.helsinki.fi) wrote:
> > On Mon, May 26, 2008 at 5:34 PM, Eric Sesterhenn <snakebyte@gmx.de> wrote:
> > > i enabled CONFIG_SECURITY on current git and get tons of
> > > Redzone overwritten errors during early boot, even
> > > with CONFIG_SECURITY_CAPABILITIES and CONFIG_SECURITY_NETWORK
> > > disabled. After a while it ends with a kernel panic
> > > saying: not syncing: Out of memory and no killable process...
> > > Root partition is ext3 format.
> >
> > So what kernel version is this and what's the last known version that
> > worked? As it's early boot crash, maybe you can try to do git bisect
> > on it?
> >
> > >
> > > At the moment i dont have a camera at hand, so i'll try
> > > to write down everything which looks interesting, please tell
> > > me if i missed something.
> > >
> > > The first 24 Bytes of the overwritten section contain
> > > zeros. Then we have a constant 0x18, and three changing
> > > values. the next three bites contain exactly the same
> > > values, first the 0x18, then the two changing ones.
> > >
> > > The only value i found so far matching the 0x18 and
> > > which might be related to CONFIG_SECURITY is CAP_SYS_RESOURCE
> > > defined in /include/linux/capability.h
> > >
> > > BUG hugetlbfs_inode_cache: Redzone overwritten
> > >
> > > INFO: 0xccd8e250-0xccd8e253. First byte 0x0 instead of 0xbb
> > > Info: Slab 0xc119d1c0 objects=12 used=0 fs=0xccd8e000 flags=0x400020c3
> > > Info: Object 0xccd8e00 offset=0 fp=0xccd8e280
> > >
> > > Object 0xccd8e00: 00 00 00 ...
> > > Object 0xccd8e10: 00 00 00 00 00 00 00 00 00 18 e0 d8 cc 18 e0 d8 cc
> > > Object 0xccd8e20 00 00 00 ...
>
> That looks like an addr within the object, like an INIT_LIST_HEAD.
>
> > > Pid: 1, comm:swapper Not tainted 2.6.26-rc3-00436-gb373303 #42
> > > print_trailer
> > > check_bytes_and_report
> > > check_object
> > > __slab_alloc
> > > kmem_cache_alloc
> > > ? hugetlbfs_alloc_inode
> > > ? hugetlbfs_alloc_inode
> > > hugetlbfs_alloc_inode
> > > alloc_inote
> > > new_inode
> > > hugetlbs_get_inote
> > > hugetlbfs_fill_super
> > > ? sget
> > > ? set_anon_super
> > > get_sb_node
> > > hugetlbfs_get_sb
> > > ? hugetlbfs_fill_super
> > > vfs_kern_mount
> > > kern_mount_data
> > > init_hugetlbfs_fs
> > > ? init_once
> > > ? kernel_init
> > > kernel_init
>
> ok, do_init_calls time frame with that config...CONFIG_SECURITY isn't
> really doing any allocations, nor much in the way of memory writes.
> It would get called into via the:
>
> hugetlbs_get_inode
> new_inode
> alloc_inode
> security_inode_alloc <-- and that'd be basically a no-op
>
> > > Config follows:
>
> I couldn't recreate with that config.
I did a fresh git-clone and tried again without being able
to reproduce this.
I diffed all .h and .c files and except for
the autogenerated ones they are exactly the same...
Is it possible that this was caused because a file didnt
get rebuild correctly? I can still reproduce it with the
old checkout. Sorry if this causes unessecary noise :(
Greetings, Eric
next prev parent reply other threads:[~2008-05-28 10:04 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-26 14:34 Redzone overwritten with CONFIG_SECURITY Eric Sesterhenn
2008-05-27 14:00 ` Eric Sesterhenn
2008-05-27 14:23 ` Vegard Nossum
2008-05-27 14:53 ` Eric Sesterhenn
2008-05-27 14:55 ` Pekka Enberg
2008-05-27 15:00 ` Pekka Enberg
2008-05-27 15:11 ` Eric Sesterhenn
2008-05-27 16:11 ` Eric Sesterhenn
2008-05-27 17:59 ` Pekka Enberg
2008-05-27 18:04 ` Christoph Lameter
2008-05-27 17:47 ` Chris Wright
2008-05-28 10:03 ` Eric Sesterhenn [this message]
2008-05-28 21:51 ` Chris Wright
2008-05-31 23:24 ` Chris Wright
2008-05-27 18:25 ` Pekka Enberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080528100357.GA2510@alice \
--to=snakebyte@gmx.de \
--cc=akpm@linux-foundation.org \
--cc=chrisw@sous-sol.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=penberg@cs.helsinki.fi \
--cc=vegard.nossum@gmail.com \
--cc=wli@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.