On Sat, Sep 7, 2013 at 11:01 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > On Sat, Sep 7, 2013 at 9:54 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: >> On Sun, Sep 08, 2013 at 02:37:03PM +1000, Herbert Xu wrote: >>> On Sat, Sep 07, 2013 at 08:34:15PM -0700, Kees Cook wrote: >>> > >>> > However, I noticed on the "good" path (even without the above patch), >>> > I sometimes see a double-kfree triggered by the modprobe process. I >>> > can't, however, see how that's happening, since larval_destroy should >>> > only be called when refcnt == 0. >>> >>> Do you still see this double free with this patch? Without the >>> patch it is completely expected as killing the same lavral twice >>> will cause memory corruption leading to all sorts of weirdness, >>> even if you stop it from deleting the list entry twice. >> >> Actually I know what it is. sha512 registers two algorithms. >> Therefore, it will create two larvals in sequence and then destroy >> them in turn. So it's not a double free at all. If you put a >> printk in crypto_larval_alloc that should confirm this. > > Ah! That would make sense; it just happens to re-allocate to the exact > same location, yes. Whew, that's certainly what's happening. I can > retest to confirm in my morning. Confirmed: 2 allocs happen, and then 2 kfrees. :) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
