* [TEST_PATCH]Re: Fw: Oops in register_proc_table (2.6.1-mm4)
From: Krishna Kumar @ 2004-01-19 19:49 UTC
To: akpm; +Cc: netdev, thomas.schlichter, KK

Hi,

Can you test with the following patch?

thanks,

- KK

diff -ruN linux-2.6.0-rc2-bk6/net/ipv6/route.c linux-2.6.0-rc2-bk6.new/net/ipv6/route.c --- linux-2.6.0-rc2-bk6/net/ipv6/route.c 2004-01-19 11:41:14.000000000 -0800 +++ linux-2.6.0-rc2-bk6.new/net/ipv6/route.c 2004-01-19 11:42:33.000000000 -0800
@@ -1974,6 +1974,7 @@ .proc_handler = &proc_dointvec_jiffies, .strategy = &sysctl_jiffies, }, + { .ctl_name = 0 } }; #endif

> OK, I can reproduce this oops now.
>
> 0xc0126f7d in register_proc_table (table=0xc04cc80c, root=0xcff92600) at
> string.h:182
> 182 __asm__ __volatile__(
> (gdb) bt
> #0 0xc0126f7d in register_proc_table (table=0xc04cc80c, root=0xcff92600)
> at string.h:182
> #1 0xc0126fcb in register_proc_table (table=0xc04cd540, root=0xcff92680)
> at sysctl.c:1187
> #2 0xc0126fcb in register_proc_table (table=0xc04cf624, root=0xcff95680)
> at sysctl.c:1187
> #3 0xc0126fcb in register_proc_table (table=0xc0451958, root=0xcffa0380)
> at sysctl.c:1187
> #4 0xc051f727 in sysctl_init () at sysctl.c:854
> #5 0xc0105169 in init (unused=0x0) at init/main.c:557
> (gdb) f 3
> #3 0xc0126fcb in register_proc_table (table=0xc0451958, root=0xcffa0380)
> at sysctl.c:1187
> 1187 register_proc_table(table->child, de);
> (gdb) p *table
> $1 = {ctl_name = 3, procname = 0xc043394e "net", data = 0x0, maxlen = 0,
> mode = 365, child = 0xc04cf5a0,
> proc_handler = 0, strategy = 0, de = 0xcff95680, extra1 = 0x0, extra2 =
> 0x0}
> (gdb) f 2
> #2 0xc0126fcb in register_proc_table (table=0xc04cf624, root=0xcff95680)
> at sysctl.c:1187
> 1187 register_proc_table(table->child, de);
> (gdb) p *table
> $2 = {ctl_name = 12, procname = 0xc0431b88 "ipv6", data = 0x0, maxlen = 0,
> mode = 365,
> child = 0xc04cd540, proc_handler = 0, strategy = 0, de = 0xcff92680,
> extra1 = 0x0, extra2 = 0x0}
> (gdb) f 1
> #1 0xc0126fcb in register_proc_table (table=0xc04cd540, root=0xcff92680)
> at sysctl.c:1187
> 1187 register_proc_table(table->child, de);
> (gdb) p *table
> $3 = {ctl_name = 18, procname = 0xc0431402 "route", data = 0x0, maxlen = 0,
> mode = 365,
> child = 0xc04cc680, proc_handler = 0, strategy = 0, de = 0xcff92600,
> extra1 = 0x0, extra2 = 0x0}
> (gdb) f 0
> #0 0xc0126f7d in register_proc_table (table=0xc04cc80c, root=0xcff92600)
> at string.h:182
> 182 __asm__ __volatile__(
> (gdb) p *table
> $4 = {ctl_name = 1220, procname = 0x927c0 <Address 0x927c0 out of bounds>,
> data = 0x9, maxlen = 60000,
> mode = 500, child = 0x1000, proc_handler = 0, strategy = 0, de = 0x0,
> extra1 = 0x0, extra2 = 0x0}
>
> It seems that ipv6 is registering something under /proc/net/ipv6/route
> which has a bad ctl_table.procname. I don't know what it is - the ipv6
> sysctl code overpowered my attention span.
>
> The .config is attached - 2.6.1-mm4 should demonstrate the problem.
>
> Can one of the ip6 guys please look at this?
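Review bot: the added `+ { .ctl_name = 0 }` is the right fix but carries no comment, and a load-bearing sentinel deserves one: the quoted frame #0 (ctl_name = 1220, procname out of bounds) is exactly what register_proc_table reads when it walks an unterminated ctl_table, so a trailing `/* sentinel */` on the added line would warn anyone later appending an entry to keep it last. Since frames #1 to #3 show the same walk recursing through table->child, it is also worth confirming that every child table registered under net/ipv6 ends the same way, not only the one in route.c.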
* Re: [TEST_PATCH]Re: Fw: Oops in register_proc_table (2.6.1-mm4)
From: Thomas Schlichter @ 2004-01-19 23:51 UTC
To: Krishna Kumar, akpm; +Cc: netdev, KK

Hi,

On Monday, 19 January 2004 20:49, Krishna Kumar wrote:
> Hi,
>
> Can you test with the following patch?

Yes, and it cures the Oops here!

> thanks,

Thank you, too!

> - KK

Thomas Schlichter

> diff -ruN linux-2.6.0-rc2-bk6/net/ipv6/route.c > linux-2.6.0-rc2-bk6.new/net/ipv6/route.c --- > linux-2.6.0-rc2-bk6/net/ipv6/route.c 2004-01-19 11:41:14.000000000 -0800 > +++ linux-2.6.0-rc2-bk6.new/net/ipv6/route.c 2004-01-19 11:42:33.000000000 > -0800 @@ -1974,6 +1974,7 @@ > .proc_handler = &proc_dointvec_jiffies, > .strategy = &sysctl_jiffies, > }, > + { .ctl_name = 0 } > }; > > #endif
* [PATCH] Oops in register_proc_table (2.6.1-mm4)
From: Krishna Kumar @ 2004-01-20 0:06 UTC
To: davem, Thomas Schlichter; +Cc: akpm, netdev

Hi Dave,

Please apply the patch below.

Thanks,

- KK

diff -ruN linux-2.6.0-rc2-bk6/net/ipv6/route.c linux-2.6.0-rc2-bk6.new/net/ipv6/route.c --- linux-2.6.0-rc2-bk6/net/ipv6/route.c 2004-01-19 11:41:14.000000000 -0800 +++ linux-2.6.0-rc2-bk6.new/net/ipv6/route.c 2004-01-19 11:42:33.000000000 -0800 @@ -1974,6 +1974,7 @@ .proc_handler = &proc_dointvec_jiffies, .strategy = &sysctl_jiffies, }, + { .ctl_name = 0 } }; #endif

On Tue, 20 Jan 2004, Thomas Schlichter wrote:
> Hi,
>
> On Monday, 19 January 2004 20:49, Krishna Kumar wrote:
> > Hi,
> >
> > Can you test with the following patch?
>
> Yes, and it cures the Oops here!
>
> > thanks,
>
> Thank you, too!
>
> > - KK
>
> Thomas Schlichter
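Review bot: the submission has no changelog; "Please apply the patch below" leaves nothing for the commit record to say about why `{ .ctl_name = 0 }` is added. Suggest a short description above the diff stating that the ipv6 route ctl_table in net/ipv6/route.c lacked its terminating entry, so register_proc_table walked past the array and oopsed at boot on 2.6.1-mm4 (the report quoted in the TEST_PATCH mail), and that Thomas Schlichter confirmed the fix.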
* Re: [PATCH] Oops in register_proc_table (2.6.1-mm4)
From: David S. Miller @ 2004-01-20 5:11 UTC
To: Krishna Kumar; +Cc: thomas.schlichter, akpm, netdev

On Mon, 19 Jan 2004 16:06:22 -0800 (PST)
Krishna Kumar <krkumar@us.ibm.com> wrote:

> Please apply the patch below.

Applied, thanks Krishna.
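The root cause in this sub-thread is a table that relies on a terminating entry to stop its walker, with the terminator missing. As an added example (not code from the thread or from the kernel), the following C models that walk over a simplified, constructed ctl_table and adds the bounded check a unit test or registration path could run first; the struct layout, the function names and the sample entries are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified ctl_table stand-in (assumption: only the fields the walk needs). */
struct ctl_table {
	int ctl_name;            /* 0 marks the terminating entry */
	const char *procname;    /* name of the /proc/sys entry */
};

/* Unbounded walk in the style of register_proc_table: it trusts that an
 * entry with ctl_name == 0 exists and otherwise reads off the array end. */
static int count_entries(const struct ctl_table *table)
{
	int n = 0;
	for (; table->ctl_name != 0; table++)
		n++;
	return n;
}

/* Bounded check to run before registering: the real array length keeps the
 * loop inside the array.  Returns 1 only when a terminator exists and every
 * entry before it carries a procname (the field the oops showed as garbage). */
static int table_is_terminated(const struct ctl_table *table, size_t len)
{
	for (size_t i = 0; i < len; i++) {
		if (table[i].ctl_name == 0)
			return 1;
		if (table[i].procname == NULL)
			return 0;
	}
	return 0;                /* ran out of array before a terminator */
}
#define TABLE_OK(t) table_is_terminated((t), sizeof(t) / sizeof((t)[0]))

/* Constructed samples: two entries with and without the { .ctl_name = 0 }
 * sentinel that the patch adds. */
static struct ctl_table route_table_fixed[] = {
	{ .ctl_name = 1, .procname = "flush" },
	{ .ctl_name = 2, .procname = "gc_thresh" },
	{ .ctl_name = 0 }        /* sentinel */
};
static struct ctl_table route_table_broken[] = {
	{ .ctl_name = 1, .procname = "flush" },
	{ .ctl_name = 2, .procname = "gc_thresh" },
};

int main(void)
{
	printf("fixed: ok=%d entries=%d\n", TABLE_OK(route_table_fixed),
	       count_entries(route_table_fixed));
	printf("broken: ok=%d\n", TABLE_OK(route_table_broken));
	return 0;
}
```

count_entries(route_table_broken) is deliberately never called: that read past the array end is the oops the thread describes, and the bounded check exists so it never has to happen.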
* [PATCH] Uninitialized dst in ip6_dst_lookup
From: Krishna Kumar @ 2004-01-20 19:46 UTC
To: David S. Miller; +Cc: netdev, KK

Hi Dave,

ip6_dst_lookup() is supposed to fill in the *dst, hence it must not dereference *dst until it allocates it. However, if the passed sk is NULL and *dst is not set by the caller, the following code will dereference uninitialized memory:

    if (*dst == NULL)
        *dst = ip6_route_output(sk, fl);    >>>>> will not execute
    if ((err = (*dst)->error))              >>>>> dereference bad stack address.
        goto out_err_release;

I am suggesting moving the responsibility of ensuring a good *dst from the callers to ip6_dst_lookup(). Currently the existing code doesn't cause any problem, since this routine is called either with sk != NULL or, if sk is NULL, with a *dst of NULL (tcp_v6_send_reset() and tcp_v6_send_ack() do alloc_skb(), which sets all fields up to truesize to NULL). However, if some code is added or changed such that sk is NULL and an uninitialized *dst is passed, we will reference an uninitialized *dst. Suggesting the following patch to handle this case.

thanks,

- KK

diff -ruN linux-2.6.1.bk2/net/ipv6/ip6_output.c linux-2.6.1.bk2.new/net/ipv6/ip6_output.c --- linux-2.6.1.bk2/net/ipv6/ip6_output.c 2004-01-20 11:12:06.000000000 -0800 +++ linux-2.6.1.bk2.new/net/ipv6/ip6_output.c 2004-01-20 11:13:28.000000000 -0800 @@ -725,6 +725,7 @@ { int err = 0; + *dst = NULL; if (sk) { struct ipv6_pinfo *np = inet6_sk(sk);
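Review bot: the added `*dst = NULL;` unconditionally overwrites whatever the caller passed, which makes the `if (*dst == NULL)` test quoted in the description always true on the sk == NULL path and turns *dst into a pure output parameter. That is the stated intent, but the hunk should record it so nobody later reintroduces a caller that passes a pre-resolved *dst: a comment on the added line (`+	*dst = NULL;	/* output only; the caller's value is never trusted */`) and a changelog sentence noting that the sk == NULL callers named in the description (tcp_v6_send_reset(), tcp_v6_send_ack()) already pass NULL would do.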
* Re: [PATCH] Uninitialized dst in ip6_dst_lookup
From: David S. Miller @ 2004-01-22 6:14 UTC
To: Krishna Kumar; +Cc: netdev, krkumar

On Tue, 20 Jan 2004 11:46:02 -0800 (PST)
Krishna Kumar <krkumar@us.ibm.com> wrote:

> ip6_dst_lookup() is supposed to fill in the *dst, hence it must not
> dereference *dst until it allocates it. However if the passed sk is
> NULL and *dst is not set by the caller, the following code will
> dereference uninitialized memory :
>
>     if (*dst == NULL)
>         *dst = ip6_route_output(sk, fl);    >>>>> will not execute
>     if ((err = (*dst)->error))              >>>>> dereference bad stack address.
>         goto out_err_release;
>
> I am suggesting moving the responsibility of ensuring a good *dst from the
> callers to ip6_dst_lookup().

I agree, patch applied. Thanks.
* [PATCH] bug in xfrm_lookup [bugzilla 2017]
From: Krishna Kumar @ 2004-02-05 1:41 UTC
To: David S. Miller; +Cc: netdev

Hi Dave,

One of my earlier patches had a bug in xfrm_lookup() causing schedule() to get called even though MSG_DONTWAIT was specified. I am going to send the following patch to the bugzilla user who created this bug report and ask them to test it. I thought I would let you know of this problem, and I will send you a confirmation once I get a response that the problem is solved.

Thanks,

- KK

diff -ruN linux-2.6.2/net/xfrm/xfrm_policy.c linux-2.6.2.new/net/xfrm/xfrm_policy.c --- linux-2.6.2/net/xfrm/xfrm_policy.c 2004-02-04 17:33:51.000000000 -0800 +++ linux-2.6.2.new/net/xfrm/xfrm_policy.c 2004-02-04 17:34:37.000000000 -0800 @@ -775,7 +775,7 @@ if (unlikely(nx<0)) { err = nx; - if (err == -EAGAIN && !flags) { + if (err == -EAGAIN && flags) { DECLARE_WAITQUEUE(wait, current); add_wait_queue(&km_waitq, &wait);
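Review bot: changing `!flags` to `flags` matches the description (sleep on km_waitq only when the caller did not set MSG_DONTWAIT, i.e. passed a nonzero flags), but the visible lines also show how the inversion got in: `flags` is a bare int whose polarity is fixed only at the call sites. Suggest a comment at the test (`/* flags != 0: caller may block on km_waitq */`) or a named constant for the wait bit, so the meaning does not have to be recovered from bugzilla 2017 next time; and since the mail says the bugzilla reporter has not yet tested the change, the changelog should record that confirmation when it arrives.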
* Re: [PATCH] bug in xfrm_lookup [bugzilla 2017]
From: David S. Miller @ 2004-02-05 7:12 UTC
To: Krishna Kumar; +Cc: netdev

On Wed, 4 Feb 2004 17:41:48 -0800 (PST)
Krishna Kumar <krkumar@us.ibm.com> wrote:

> One of my earlier patches had a bug in xfrm_lookup() causing schedule()
> to get called though MSG_DONTWAIT was specified. I am going to send
> the following patch to the bugzilla user who created this bug report
> and ask them to test it. I thought I would let you know of this problem
> and I will send you a confirmation once I get a response that the problem
> is solved.

Your patch looks correct, so I'll apply it for now; if something is wrong with it, send me a fix relative to this patch.

Thanks.