Re: tip -ENOBOOT - bisected to locking/refcounts, x86/asm: Implement fast refcount overflow protection

From: Kees Cook
Date: Tue Aug 29 2017 - 14:41:27 EST


On Tue, Aug 29, 2017 at 11:10 AM, Mike Galbraith <efault@xxxxxx> wrote:
> On Tue, 2017-08-29 at 18:55 +0200, Mike Galbraith wrote:
>> On Tue, 2017-08-29 at 08:58 -0700, Kees Cook wrote:
>> >
>> > Ah-ha, found the tip-bot commit now that disables the x86 refcount
>> > implementation. Can you boot with CONFIG_REFCOUNT_FULL=y?
>>
>> Will do in the A.M.
>
> (It's A.M. somewhere..) That boots fine.

Okay, thanks! I think we've seen this before, but couldn't reproduce
it. The issue is:

static void netlink_sock_destruct(struct sock *sk)
{
	...
	WARN_ON(refcount_read(&sk->sk_wmem_alloc));
	...
}

Can you also test with 14afee4b6092 ("net: convert sock.sk_wmem_alloc
from atomic_t to refcount_t") reverted (instead of ARCH_HAS_REFCOUNT
disabled)?

I'll try again to reproduce this...

Thanks!

-Kees

--
Kees Cook
Pixel Security