[patch #3347] Double free and memory loss probing partition table
From: Neal H. Walfield
Subject: [patch #3347] Double free and memory loss probing partition table
Date: Tue, 07 Sep 2004 11:15:28 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5
This mail is an automated notification from the patch tracker
of the project: The GNU Hurd.
/**************************************************************************/
[patch #3347] Full Item Snapshot:
URL: <http://savannah.gnu.org/patch/?func=detailitem&item_id=3347>
Project: The GNU Hurd
Submitted by: Neal H. Walfield
On: Tue 09/07/04 at 15:10
Category: GNU Mach
Priority: 7 - High
Resolution: None
Privacy: Public
Assigned to: None
Originator Email:
Status: Open
Summary: Double free and memory loss probing partition table
Original Submission: While GNU Mach reads the partition table, the second
assert in
linux/dev/glue:free_pages is triggered. This particular assert checks
for double frees.
I have traced the problem back to getblk and __brelse: if linux_auto_config
is true (which it is when partitions are being probed), a static buffer
is used to hold the BH structure. If getblk is called a second time
(i.e. before the first block is released), the buffer is overridden.
This results in a double free, a memory leak (as the buffer in the
first BH is never released) and a consistency problem as code which
uses the first buffer will now see different data. This is the case
in linux/dev/drivers/block/genhd.c:msdos_partition which calls bread
then, before freeing the block, calls extended_partition which also
calls bread. In reality, there is no reason to not use kalloc and
kfree here. In kern/startup.c:setup_main, we see that vm_mem_bootstrap
which calls kmem_init is called long before
linux/dev/init/main.c:linux_init is invoked by
i386/i386at/machine_init:machine_init.
This attached patch changes getblk and __brelse to always use kalloc
and kfree and adds asserts to kern/kalloc.c to make sure that kalloc,
kfree and kget are only called after kmem_init has been called.
Apply the patch using -p0
ChangeLog:
2004-09-07 Neal H. Walfield <neal@cs.uml.edu>
* linux/dev/glue/block.c (__brelse): Unconditionally kfree BH.
(getblk): Unconditionally kalloc BH.
* kern/kalloc.c [!NDEBUG] (kalloc_init_called): New static
variable.
(kalloc_init): Assert that kalloc_init_called is zero.
[! NDEBUG] Set kalloc_init_called to 1 on success.
(kalloc): Assert that kalloc_init_called is non-zero.
(kget): Likewise.
(kfree): Likewise.
File Attachments:
Date: Tue 09/07/04 at 15:10 Name: double-free.diff Size: 3.18KB By: neal
http://savannah.gnu.org/patch/download.php?item_id=3347&item_file_id=3647
For detailed info, follow this link:
<http://savannah.gnu.org/patch/?func=detailitem&item_id=3347>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
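The failure the report describes can be reproduced in miniature. The C program below is an added illustration and is not GNU Mach code: it models the allocator with a hypothetical `model_kalloc`/`model_kfree` pair that tracks live allocations (so a free of a pointer that is not live is counted as a double free, and anything still live at the end is a leak) and a `model_kmem_init` flag standing in for kmem_init. `getblk_static`/`brelse_static` use one static BH the way the report says the auto-config path did; `getblk_dynamic`/`brelse_dynamic` allocate a BH per call as the patch does. `run_nested` performs the msdos_partition -> extended_partition call shape: fetch one block, fetch a second before releasing the first, then release both. All names and the 512-byte block size are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 16
#define BLOCK_SIZE 512   /* assumed block size for the model */

static void *live[MAX_LIVE];   /* allocations handed out and not yet freed */
static int kmem_initialized;   /* models "kmem_init has run" */
static int double_free_count;  /* frees of a pointer that is not live */
static int early_call_count;   /* kalloc/kfree calls before kmem_init */

void model_kmem_init(void) { kmem_initialized = 1; }

/* Hypothetical kalloc: refuses (and counts) calls before kmem_init. */
void *model_kalloc(size_t n) {
    if (!kmem_initialized) { early_call_count++; return NULL; }
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = malloc(n); return live[i]; }
    return NULL;
}

/* Hypothetical kfree: a pointer not in the live set is a double free. */
void model_kfree(void *p) {
    if (!kmem_initialized) { early_call_count++; return; }
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_free_count++;
}

int model_live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += (live[i] != NULL);
    return n;
}

static void reset_model(void) {
    for (int i = 0; i < MAX_LIVE; i++) { free(live[i]); live[i] = NULL; }
    double_free_count = early_call_count = kmem_initialized = 0;
}

struct bh { int block; char *data; };

/* Buggy shape: every call hands back the same static BH, so the second
 * call overwrites the data pointer the first caller still holds. */
static struct bh static_bh;
struct bh *getblk_static(int block) {
    static_bh.block = block;
    static_bh.data = model_kalloc(BLOCK_SIZE);
    return &static_bh;
}
void brelse_static(struct bh *bh) { model_kfree(bh->data); }

/* Fixed shape: one heap BH per getblk, released whole by brelse. */
struct bh *getblk_dynamic(int block) {
    struct bh *bh = model_kalloc(sizeof *bh);
    if (!bh) return NULL;
    bh->block = block;
    bh->data = model_kalloc(BLOCK_SIZE);
    return bh;
}
void brelse_dynamic(struct bh *bh) { model_kfree(bh->data); model_kfree(bh); }

/* Nested use as in msdos_partition -> extended_partition: the second
 * block is fetched while the first is still held. Returns the number of
 * double frees via *double_frees and the number of leaked blocks. */
int run_nested(int use_static, int *double_frees) {
    reset_model();
    model_kmem_init();
    struct bh *first, *second;
    if (use_static) {
        first = getblk_static(0);
        second = getblk_static(1);   /* clobbers first->data */
        brelse_static(first);        /* frees second's data */
        brelse_static(second);       /* frees it again */
    } else {
        first = getblk_dynamic(0);
        second = getblk_dynamic(1);
        brelse_dynamic(second);
        brelse_dynamic(first);
    }
    *double_frees = double_free_count;
    return model_live_count();
}

/* Models the added asserts: kalloc/kfree before kmem_init are caught. */
int calls_before_init(void) {
    reset_model();
    void *p = model_kalloc(BLOCK_SIZE);
    model_kfree(p);
    return early_call_count;
}

int main(void) {
    int df;
    int leaked = run_nested(1, &df);
    printf("static BH : double frees=%d leaked blocks=%d\n", df, leaked);
    leaked = run_nested(0, &df);
    printf("dynamic BH: double frees=%d leaked blocks=%d\n", df, leaked);
    printf("calls before kmem_init caught: %d\n", calls_before_init());
    return 0;
}
```

With the static BH the run reports one double free and one leaked block (the first block's data, whose only pointer was overwritten); with per-call allocation it reports none of either. The tracking `model_kfree` is the same check a debug allocator or the second assert in free_pages performs: a pointer not in the live set is being freed twice.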