RE: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-24 Thread liujian (CE)
rizon.com; > da...@davemloft.net; eduma...@google.com; will...@google.com; > dan...@iogearbox.net; netdev@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: Re: af_packet: use after free in prb_retire_rx_blk_timer_expired > > > > On 2017/7/24 9:09, Ding Tianhong wrote: >

Re: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-23 Thread Ding Tianhong
On 2017/7/24 9:09, Ding Tianhong wrote: > > > On 2017/7/24 1:03, Cong Wang wrote: >> On Sun, Jul 23, 2017 at 5:48 AM, liujian (CE) wrote: >>> Hi >>> >>> I find it caused by below steps: >>> 1. set tp_version to TPACKET_V3 and req->tp_block_nr to 1 >>> 2. set tp_block_nr

Re: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-23 Thread Ding Tianhong
On 2017/7/24 1:03, Cong Wang wrote: > On Sun, Jul 23, 2017 at 5:48 AM, liujian (CE) wrote: >> Hi >> >> I find it caused by below steps: >> 1. set tp_version to TPACKET_V3 and req->tp_block_nr to 1 >> 2. set tp_block_nr to 0 >> Then pg_vec was freed, and we did not delete

Re: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-23 Thread Cong Wang
On Sun, Jul 23, 2017 at 5:48 AM, liujian (CE) wrote: > Hi > > I find it caused by below steps: > 1. set tp_version to TPACKET_V3 and req->tp_block_nr to 1 > 2. set tp_block_nr to 0 > Then pg_vec was freed, and we did not delete the timer? Thanks for testing! Ah, I overlook

RE: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-23 Thread liujian (CE)
> > 01fd6b70 > > ORIG_RAX: 0036 CS: 0033 SS: 002b > > > > > > Best Regards, > > liujian > > > > > > > -Original Message- > > > From: Cong Wang [mailto:xiyou.wangc...@gmail.com] > > > Sent:

RE: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-23 Thread liujian (CE)
s; alexander.le...@verizon.com; > da...@davemloft.net; eduma...@google.com; will...@google.com; > dan...@iogearbox.net; netdev@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: RE: af_packet: use after free in prb_retire_rx_blk_timer_expired > > Hi Wang Cong, > > With this

RE: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-23 Thread liujian (CE)
jn; Dave Jones; alexander.le...@verizon.com; > da...@davemloft.net; eduma...@google.com; will...@google.com; > dan...@iogearbox.net; netdev@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: Re: af_packet: use after free in prb_retire_rx_blk_timer_expired > > On Sat, Jul 22

Re: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-23 Thread Cong Wang
On Sat, Jul 22, 2017 at 8:40 PM, Ding Tianhong wrote: > Hi, Cong: > > Thanks for your quirk solution, but I still have some doubts about it, > it looks like fix the problem in the packet_setsockopt->packet_set_ring > processing, > but when in packet_release processing, it

Re: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-22 Thread Ding Tianhong
On 2017/7/23 3:02, Cong Wang wrote: > Hello, > > On Sat, Jul 22, 2017 at 2:55 AM, liujian (CE) wrote: >> I also hit this issue with trinity test: >> >> The call trace: >> [exception RIP: prb_retire_rx_blk_timer_expired+70] >> RIP: 81633be6 RSP:

Re: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-22 Thread Cong Wang
Hello, On Sat, Jul 22, 2017 at 2:55 AM, liujian (CE) wrote: > I also hit this issue with trinity test: > > The call trace: > [exception RIP: prb_retire_rx_blk_timer_expired+70] > RIP: 81633be6 RSP: 8801bec03dc0 RFLAGS: 00010246 > RAX:

RE: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-07-22 Thread liujian (CE)
de Bruijn > Sent: Wednesday, April 12, 2017 7:23 AM > To: Dave Jones; alexander.le...@verizon.com; da...@davemloft.net; > eduma...@google.com; will...@google.com; dan...@iogearbox.net; > netdev@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: Re: af_packet: use after free in prb_reti

Re: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-04-11 Thread Willem de Bruijn
On Mon, Apr 10, 2017 at 3:23 PM, Dave Jones wrote: > On Mon, Apr 10, 2017 at 07:03:30PM +, alexander.le...@verizon.com wrote: > > Hi all, > > > > I seem to be hitting this use-after-free on a -next kernel using trinity: > > > > [ 531.036054] BUG: KASAN:

Re: af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-04-10 Thread Dave Jones
On Mon, Apr 10, 2017 at 07:03:30PM +, alexander.le...@verizon.com wrote: > Hi all, > > I seem to be hitting this use-after-free on a -next kernel using trinity: > > [ 531.036054] BUG: KASAN: use-after-free in prb_retire_rx_blk_timer_expired > (net/packet/af_packet.c:688)

af_packet: use after free in prb_retire_rx_blk_timer_expired

2017-04-10 Thread alexander . levin
Hi all, I seem to be hitting this use-after-free on a -next kernel using trinity: [ 531.036054] BUG: KASAN: use-after-free in prb_retire_rx_blk_timer_expired (net/packet/af_packet.c:688) [ 531.036961] Read of size 8 at addr 88038c1fb0e8