From: Eric Sesterhenn <snakebyte@gmx.de>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Eric Dumazet <dada1@cosmosbay.com>,
davem@davemloft.net, netdev@vger.kernel.org,
alan@lxorguk.ukuu.org.uk
Subject: Re: [PATCH] net: fix /proc/net/snmp as memory corruptor
Date: Sat, 8 Nov 2008 10:48:24 +0100 [thread overview]
Message-ID: <20081108094824.GA2546@alice> (raw)
In-Reply-To: <20081108064226.GA32078@x200.localdomain>
* Alexey Dobriyan (adobriyan@gmail.com) wrote:
> On Sat, Nov 08, 2008 at 06:53:31AM +0100, Eric Dumazet wrote:
> > Alexey Dobriyan a écrit :
> >> On Sat, Nov 08, 2008 at 05:52:56AM +0300, Alexey Dobriyan wrote:
> >>> On Sat, Nov 08, 2008 at 04:02:37AM +0300, Alexey Dobriyan wrote:
> >>>> On Sat, Nov 08, 2008 at 01:22:08AM +0100, Eric Sesterhenn wrote:
> >>>>> running a bunch of network related stresstests (isic, isicng,
> >>>>> ...) and trying to read all files in /proc afterwards gave me two
> >>>>> oopses. I was able to reproduce them on another box with
> >>>>> a different config. I was able to reproduce this on 2.6.24 too,
> >>>>> so this is no regression. The icmpsic is version 0.06. The
> >>>>> minimal testcase to trigger this:
> >>>>>
> >>>>> ------------8<----------------
> >>>>> #!/bin/bash
> >>>>>
> >>>>> icmpsic -s 127.0.0.1 -d 127.0.0.1 -p 100000
> >>>>>
> >>>>> find /proc/net/ | xargs cat > /dev/null
> >>>>>
> >>>>> cat /proc/net/ip_mr_cache
> >>>>> cat /proc/net/ip_mr_vif
> >>>>> ------------8<----------------
> >>>>>
> >>>>>
> >>>>> root@computer-desktop:~/testing# cat /proc/338/net/ip_mr_cache
> >>>>>
> >>>>> [ 1572.702100] BUG: unable to handle kernel NULL pointer dereferenceat 000001c1
> >>>>> [ 1572.702588] IP: [<c05942c6>] ipmr_mfc_seq_show+0x26/0xf0
> >>>> Reproduced.
> >>> icmpsic -s 127.0.0.1 -d 127.0.0.1 -p 100000
> >>> cat /proc/net/snmp # sic
> >>> cat /proc/net/ip_mr_cache
> >>>
> >>> mfc_cache_array is full of small integers
> >>>
> >>> [0] = 0x1a8
> >>> [1] = 0x1a9
> >>>
> >>> and so on.
> >>
> >> OK, this minimally fixes mfc_cache_array corruption.
> >>
> >> Someone was scared of 16 integers on stack. :^)
> >
> > Good spot Alexey :)
>
> This patch works too.
Wow, that was fast :-) Also verified that the patch fixes the issue.
Thanks, Eric
next prev parent reply other threads:[~2008-11-08 9:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-08 0:22 seq_read bugs with ipmr Eric Sesterhenn
2008-11-08 1:02 ` Alexey Dobriyan
2008-11-08 2:52 ` Alexey Dobriyan
2008-11-08 3:36 ` [PATCH] net: fix /proc/net/snmp as memory corruptor Alexey Dobriyan
2008-11-08 5:53 ` Eric Dumazet
2008-11-08 6:22 ` Alexey Dobriyan
2008-11-08 6:42 ` Alexey Dobriyan
2008-11-08 9:48 ` Eric Sesterhenn [this message]
2008-11-08 19:53 ` David Stevens
2008-11-08 20:46 ` Eric Dumazet
2008-11-08 21:05 ` David Stevens
2008-11-09 8:25 ` Eric Dumazet
2008-11-11 5:43 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081108094824.GA2546@alice \
--to=snakebyte@gmx.de \
--cc=adobriyan@gmail.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=dada1@cosmosbay.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.