Re: tip -ENOBOOT - bisected to locking/refcounts, x86/asm: Implement fast refcount overflow protection

From: Kees Cook
Date: Thu Aug 31 2017 - 15:28:49 EST


On Thu, Aug 31, 2017 at 6:58 AM, Mike Galbraith <efault@xxxxxx> wrote:
> gdb) list *in6_dev_get+0x10
> 0xffffffff8166d3d0 is in in6_dev_get (./include/net/addrconf.h:318).
> 313 {
> 314 struct inet6_dev *idev;
> 315
> 316 rcu_read_lock();
> 317 idev = rcu_dereference(dev->ip6_ptr);
> 318 if (idev)
> 319 refcount_inc(&idev->refcnt);
> 320 rcu_read_unlock();
> 321 return idev;
> 322

And this is a completely different refcount from the other that
tripped. This one is quite simple, too, though I see it uses
refcount_dec(), which is a path to saturation. I've sent a patch to
try to clarify this further...

-Kees

--
Kees Cook
Pixel Security
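For readers following the "path to saturation" remark above, here is an added userspace model of the check order the x86 fast refcount uses; it is my own illustration, not code from the patch or the kernel, and the model_* names are made up for it. It shows why a bare refcount_dec() that drops the last reference ends in the trap handler and saturation, while refcount_dec_and_test() treats reaching zero as the normal result.

```c
#include <limits.h>
#include <stdbool.h>
#include <string.h>

/* Added userspace model (not kernel code) of the x86 fast refcount checks:
 * inc traps when the result goes negative, dec traps when the result hits
 * zero or goes negative, and the trap fixup always saturates the counter
 * before deciding whether the case is worth reporting. */
#define REFCOUNT_SATURATED (INT_MIN / 2)

typedef struct {
	int refs;            /* the counter itself */
	const char *reason;  /* last report: "overflow", "hit zero" or NULL */
} model_refcount_t;

/* Stand-in for the exception fixup: saturate first, then report only the
 * boundary cases (hardware OF = wrapped past INT_MAX, ZF = result was 0). */
static void model_trap(model_refcount_t *r, bool overflow, bool zero)
{
	r->refs = REFCOUNT_SATURATED;
	r->reason = zero ? "hit zero" : overflow ? "overflow" : NULL;
}

/* refcount_inc(): "lock incl; js <trap>" -> a negative result traps. */
static void model_refcount_inc(model_refcount_t *r)
{
	int old = r->refs;
	r->refs = (int)((unsigned)old + 1u);   /* wraps like the hardware add */
	if (r->refs < 0)
		model_trap(r, old == INT_MAX, false);
}

/* refcount_dec(): "lock decl; jz/js <trap>" -> zero or negative traps,
 * because reaching zero here means nobody is going to free the object. */
static void model_refcount_dec(model_refcount_t *r)
{
	r->refs = (int)((unsigned)r->refs - 1u);
	if (r->refs <= 0)
		model_trap(r, false, r->refs == 0);
}

/* refcount_dec_and_test(): zero is the expected last-reference result and
 * is returned to the caller; only a negative result traps. */
static bool model_refcount_dec_and_test(model_refcount_t *r)
{
	r->refs = (int)((unsigned)r->refs - 1u);
	if (r->refs < 0)
		model_trap(r, false, false);
	return r->refs == 0;
}
```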