[grsec] Kernel Hangs: Highmem and GRSECURITY

Syed Ahemed kingkhan at gmail.com
Sat Sep 9 12:48:49 EDT 2006


Cool, thanks a lot.
In a hurry to get my 15 minutes of fame, I missed the apparent difference :-)
Will be extra careful the next time around. Regret wasting your time, sir.

On 9/9/06, pageexec at freemail.hu <pageexec at freemail.hu> wrote:
> On 9 Sep 2006 at 6:03, Syed Ahemed wrote:
>
> > Hello,
> > In the excerpts of the 2.1.9 grsecurity patch, kmem_cache_free is called
> > when kmem_cache_alloc fails (returns 0). Isn't this a case of
> > dereferencing a NULL pointer?
>
> notice that what we free is 'mpnt', not 'mpnt_m', that is, we just
> prevent leaking a previously allocated item, i don't see where the
> NULL ptr is dereferenced.
>
> > The kernel code without the patch otherwise is filled with calls to
> > kmem_cache_alloc that just return -ENOMEM in case of failure.
> >
> > Could you please explain the reason?
> >
> > +#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
> > +   if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (VM_STACK_FLAGS
> > & VM_MAYEXEC)) {
> > +       mpnt_m = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
> > +       if (!mpnt_m) {
> > +           kmem_cache_free(vm_area_cachep, mpnt);
> > +           return -ENOMEM;
> > +       }
> > +   }
> > +#endif
> > +
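Review bot: the error path `kmem_cache_free(vm_area_cachep, mpnt);` frees a different object than the one whose allocation just failed, which is correct leak prevention but, as this very thread shows, reads like a bug to a casual reviewer; a one-line comment above the free stating that it releases the `mpnt` allocated earlier would document the intent. Also, as quoted here the `if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (VM_STACK_FLAGS` line has been wrapped by the mail client onto two lines, so this excerpt will not apply as-is and should be compared against the original patch file.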
>
>
>


-- 
Azhar khan

I'm afraid that I've seen too many people fix bugs by looking at
debugger output, and that almost inevitably leads to fixing the
symptoms rather than the underlying problems.
--Linus
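The allocation-failure path discussed above, as an added example that is not code from the grsecurity patch or the thread: a user-space model with a fake slab cache and failure injection (every name other than mpnt, mpnt_m and -ENOMEM is invented for the illustration), so the "free the first object when the second allocation fails" step can be exercised and checked for leaks.

```c
/* Added example (not code from the grsecurity patch or the thread): a user-space
 * model of the quoted error path, with failure injection to check the cleanup. */
#include <stdlib.h>
#define ENOMEM 12
struct vm_area { int flags; };

/* Fake slab cache: counts live objects; fails the n-th allocation (0 = never). */
static int live_objects, alloc_calls, fail_on_call;
static struct vm_area *fake_cache_alloc(void)
{
    if (++alloc_calls == fail_on_call)
        return NULL;                      /* simulated kmem_cache_alloc failure */
    live_objects++;
    return calloc(1, sizeof(struct vm_area));
}
static void fake_cache_free(struct vm_area *vma)
{ if (vma) { live_objects--; free(vma); } }

/* Mirrors the hunk: mpnt is allocated first; under SEGMEXEC a mirror vma mpnt_m
 * follows. If that fails, mpnt is freed before -ENOMEM: no leak, no NULL deref. */
static int setup_stack_vmas(int segmexec, struct vm_area *out[2])
{
    struct vm_area *mpnt, *mpnt_m = NULL;
    mpnt = fake_cache_alloc();
    if (!mpnt)
        return -ENOMEM;
    if (segmexec) {
        mpnt_m = fake_cache_alloc();
        if (!mpnt_m) {
            fake_cache_free(mpnt);        /* undo the earlier allocation */
            return -ENOMEM;
        }
    }
    out[0] = mpnt; out[1] = mpnt_m;
    return 0;
}

/* Runs one scenario and returns setup_stack_vmas()'s result; afterwards
 * live_objects is what leaked once the caller freed whatever it received. */
static int run_scenario(int segmexec, int fail_call)
{
    struct vm_area *vmas[2] = { NULL, NULL };
    int ret;
    live_objects = alloc_calls = 0;
    fail_on_call = fail_call;
    ret = setup_stack_vmas(segmexec, vmas);
    fake_cache_free(vmas[0]);
    fake_cache_free(vmas[1]);
    return ret;
}
```

Injecting a failure on the second allocation with SEGMEXEC enabled returns -ENOMEM with live_objects back at zero, which is the behaviour the quoted free exists to guarantee.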

