From: Oliver Hartkopp <oliver@hartkopp.net>
To: "Lothar Waßmann" <LW@KARO-electronics.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
davem@davemloft.net, netdev@vger.kernel.org,
urs.thuermann@volkswagen.de,
Urs Thuermann <urs@isnogud.escape.de>
Subject: Re: use after free bug in socket code
Date: Tue, 14 Jul 2009 16:41:18 +0200
Message-ID: <4A5C990E.3080703@hartkopp.net>
In-Reply-To: <19036.9400.263297.330963@ipc1.ka-ro>
Lothar Waßmann wrote:
> Oliver Hartkopp writes:
>>
>> Would you like to prepare a proper patch and post it on netdev?
>>
> I'll do.
Fine.
> I would also submit a second patch to add an appropriate MODULE_ALIAS
> to the protocol drivers, so they can be autoloaded when compiled as
> module:
> diff -ur linux-2.6.30/net/can/bcm.c linux-2.6.30-karo/net/can/bcm.c
> --- linux-2.6.30/net/can/bcm.c 2009-06-10 05:05:27.000000000 +0200
> +++ linux-2.6.30-karo/net/can/bcm.c 2009-07-12 20:12:38.000000000 +0200
> @@ -75,6 +75,7 @@
> MODULE_DESCRIPTION("PF_CAN broadcast manager protocol");
> MODULE_LICENSE("Dual BSD/GPL");
> MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
> +MODULE_ALIAS("can-proto-2");
>
> /* easy access to can_frame payload */
> static inline u64 GET_U64(const struct can_frame *cp)
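Review bot: the `2` in `MODULE_ALIAS("can-proto-2")` is a bare number, and nothing in this hunk ties it to the broadcast manager's protocol id. A short comment next to the alias naming the protocol constant it stands for would let a reader verify the value and would keep the alias from silently going stale if the numbering ever changes.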
> diff -ur linux-2.6.30/net/can/raw.c linux-2.6.30-karo/net/can/raw.c
> --- linux-2.6.30/net/can/raw.c 2009-06-10 05:05:27.000000000 +0200
> +++ linux-2.6.30-karo/net/can/raw.c 2009-07-12 20:12:29.000000000 +0200
> @@ -62,6 +62,7 @@
> MODULE_DESCRIPTION("PF_CAN raw protocol");
> MODULE_LICENSE("Dual BSD/GPL");
> MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
> +MODULE_ALIAS("can-proto-1");
>
> #define MASK_ALL 0
>
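Review bot: `MODULE_ALIAS("can-proto-1")` only has an effect if it matches, character for character, the string used when the module is requested, and that request site is not part of this patch. The commit message should say where the `can-proto-N` name is built so the match can be checked for both raw.c and bcm.c, and should state that the protocol modules will now be loaded on demand instead of only through an explicit modprobe configuration.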
Good idea.
I currently added these aliases somewhere in my /etc/modprobe.d directory. But
if this can be done by the kernel itself, we can reduce the distro-dependent
configuration effort.
You can add my
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
to both discussed patches directly.
>
>> ps. This code section was stable for more than three years now. Can you tell
>> me, how you kicked your system to run into this problem?
>>
> I was working on a chip driver for the i.MX25 flexcan controller. The
> bug was visible due to CONFIG_DEBUG_SLAB=y which makes sure that
> memory is poisoned with a special pattern upon being freed.
Nice hint! I will enable this in my config also.
>
> The situation where this triggers a bug is when the chip driver's
> hard_start_xmit function returns a NETDEV_TX_BUSY and subsequently the
> can interface is deconfigured.
>
> Maybe you could try this on different hardware?
Will do when I'm back at work ;-)
Many Thanks,
Oliver
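
The poisoning effect mentioned in the message above, as an added user-space illustration that is not code from this thread or from the kernel: a constructed fixed-size pool fills objects with 0x6b on free (the value the kernel's poison.h defines as POISON_FREE) and checks the pattern on the next allocation. The pool, its sizes and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

#define POISON_FREE 0x6b  /* byte pattern written into freed objects */
#define OBJ_SIZE 32       /* constructed object size */
#define NUM_OBJS 4        /* constructed pool depth */
static uint8_t pool[NUM_OBJS][OBJ_SIZE];  /* hypothetical stand-in for a slab cache */
static int in_use[NUM_OBJS];

/* Free: poison the object so a stale reader sees 0x6b bytes, not plausible old data. */
void pool_free(void *obj)
{
    memset(obj, POISON_FREE, OBJ_SIZE);
    in_use[(uint8_t (*)[OBJ_SIZE])obj - pool] = 0;
}

/* Alloc: a free object whose poison was disturbed was written after free;
 * that finding is reported through *corrupt. */
void *pool_alloc(int *corrupt)
{
    for (int i = 0; i < NUM_OBJS; i++) {
        if (in_use[i])
            continue;
        *corrupt = 0;
        for (int b = 0; b < OBJ_SIZE; b++)
            *corrupt |= (pool[i][b] != POISON_FREE);
        in_use[i] = 1;
        return pool[i];
    }
    return NULL;
}

/* Keeps a stale pointer across free, reads through it and optionally writes
 * through it. Returns 1 if the next allocation detects the write. */
int stale_pointer_demo(int write_after_free, uint32_t *stale_read)
{
    int corrupt = 0;
    memset(pool, POISON_FREE, sizeof(pool));       /* fresh cache: all free, all poisoned */
    memset(in_use, 0, sizeof(in_use));
    void *obj = pool_alloc(&corrupt);
    memset(obj, 0x11, OBJ_SIZE);                   /* live data */
    pool_free(obj);                                /* obj is now a stale pointer */
    memcpy(stale_read, obj, sizeof(*stale_read));  /* read after free */
    if (write_after_free)
        memset(obj, 0, 4);                         /* write after free */
    pool_alloc(&corrupt);                          /* slot is reused, poison is checked */
    return corrupt;
}
```

Without poisoning, the stale read would return the old 0x11 bytes and the bug would stay invisible until the slot happened to be reused.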