From: Evgeniy Polyakov <johnpol@2ka•mipt.ru>
To: James Morris <jmorris@namei•org>
Cc: "David S. Miller" <davem@davemloft•net>,
Herbert Xu <herbert@gondor•apana.org.au>,
netdev@vger•kernel.org, Stephen Smalley <sds@tycho•nsa.gov>,
Venkat Yekkirala <vyekkirala@TrustedCS•com>,
Paul Moore <paul.moore@hp•com>
Subject: Re: [PATCH] Fix for IPsec leakage with SELinux enabled
Date: Mon, 2 Oct 2006 17:42:01 +0400 [thread overview]
Message-ID: <20061002134200.GA20441@2ka.mipt.ru> (raw)
In-Reply-To: <Pine.LNX.4.64.0610020919050.9400@d.namei>
On Mon, Oct 02, 2006 at 09:31:36AM -0400, James Morris (jmorris@namei•org) wrote:
> What kind of traffic was running over the system? What is the IPsec and
> SELinux configuration?
I had login through ssh, started racoon and setup keys.
SElinu is configured by default in FC5 system with enforcing mode.
I switched off to different window and after some time, not immediately,
remote system stopped to answer.
There were no heavy traffic definitely.
It looks like some timeout expired and someone tried to do xfrm_lookup.
> Can you run gdb on vmlinux, find the start of xfrm_lookup then list what's
> at the EIP offset?
>
> (gdb) p xfrm_lookup
> $1 = {int (struct dst_entry **, struct flowi *, struct sock *, int)}
> 0xc02cc7e2 <xfrm_lookup>
> (gdb) l *(0xc02cc7e2 + 0x043d)
(gdb) p xfrm_lookup
$1 = {int (struct dst_entry **, struct flowi *, struct sock *, int)} 0xc0301326 <xfrm_lookup>
(gdb) l *(0xc0301326+0x043d)
0xc0301763 is in xfrm_lookup (include/asm/atomic.h:126).
121 */
122 static __inline__ int atomic_dec_and_test(atomic_t *v)
123 {
124 unsigned char c;
125
126 __asm__ __volatile__(
127 LOCK_PREFIX "decl %0; sete %1"
128 :"+m" (v->counter), "=qm" (c)
129 : : "memory");
130 return c != 0;
Probably reference counter is inside freed object...
> --
> James Morris
> <jmorris@namei•org>
--
Evgeniy Polyakov
next prev parent reply other threads:[~2006-10-02 13:42 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-22 11:29 Is TCP over IPsec broken in 2.6.18? Evgeniy Polyakov
2006-09-22 11:35 ` Evgeniy Polyakov
2006-09-22 12:19 ` Evgeniy Polyakov
2006-09-22 12:23 ` Patrick McHardy
2006-09-22 14:03 ` Evgeniy Polyakov
2006-09-22 15:15 ` James Morris
2006-09-22 15:47 ` James Morris
2006-09-23 4:29 ` Evgeniy Polyakov
2006-09-24 5:11 ` James Morris
2006-09-24 9:08 ` Patrick McHardy
2006-09-24 14:33 ` James Morris
2006-09-24 23:54 ` Herbert Xu
[not found] ` <20060925103836.GA13966@2ka.mipt.ru>
2006-09-25 11:27 ` Herbert Xu
2006-09-25 12:05 ` Evgeniy Polyakov
2006-09-25 12:55 ` jamal
2006-09-30 5:06 ` James Morris
2006-09-30 5:14 ` James Morris
2006-09-30 7:41 ` James Morris
2006-09-30 11:15 ` Evgeniy Polyakov
2006-09-30 14:36 ` James Morris
2006-09-30 14:40 ` Evgeniy Polyakov
2006-09-30 14:42 ` Evgeniy Polyakov
2006-09-30 14:44 ` James Morris
2006-10-01 6:27 ` [PATCH] Fix for IPsec leakage with SELinux enabled James Morris
2006-10-02 11:20 ` Evgeniy Polyakov
2006-10-02 13:31 ` James Morris
2006-10-02 13:42 ` Evgeniy Polyakov [this message]
2006-10-02 14:05 ` James Morris
2006-10-02 14:27 ` [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 James Morris
2006-10-02 16:00 ` Evgeniy Polyakov
2006-10-02 16:13 ` James Morris
2006-10-02 16:30 ` Evgeniy Polyakov
2006-10-02 16:41 ` James Morris
2006-10-04 5:08 ` Evgeniy Polyakov
2006-10-04 13:00 ` James Morris
2006-10-03 23:18 ` David Miller
2006-10-04 1:33 ` James Morris
2006-10-04 13:41 ` Herbert Xu
2006-10-05 20:58 ` James Morris
2006-10-05 21:04 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2006-10-01 20:55 [PATCH] Fix for IPsec leakage with SELinux enabled Venkat Yekkirala
2006-10-02 1:44 ` James Morris
2006-10-02 17:09 Venkat Yekkirala
2006-10-02 18:39 ` James Morris
2006-10-02 18:59 Venkat Yekkirala
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061002134200.GA20441@2ka.mipt.ru \
--to=johnpol@2ka$(echo .)mipt.ru \
--cc=davem@davemloft$(echo .)net \
--cc=herbert@gondor$(echo .)apana.org.au \
--cc=jmorris@namei$(echo .)org \
--cc=netdev@vger$(echo .)kernel.org \
--cc=paul.moore@hp$(echo .)com \
--cc=sds@tycho$(echo .)nsa.gov \
--cc=vyekkirala@TrustedCS$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox