Use after free in e100

To:	linux.nics@xxxxxxxxx
Subject:	Use after free in e100
From:	Martin Josefsson <gandalf@xxxxxxxxxxxxxx>
Date:	29 May 2003 14:30:43 +0200
Cc:	netdev@xxxxxxxxxxx
Organization:
Sender:	netdev-bounce@xxxxxxxxxxx

Hi

When using 2.5.69-mm9 which includes Manfred's unmap-after-free patch I
ran into a use-after-free bug in e100 that just might be real.

I ran the two oopses through ksymoops to get some more detail but since
ksyms doesn't exist in 2.5 anymore it failed to resolve the EIP (e100 as
module). But fear not, the EIP is in the original report by kksymoops
and I've included it below.

(identical in both oopses)
EIP is at e100_rx_srv+0x4ac/0x514 [e100]

The two ksymoopsed oopses are attached.


Driver output at init:
(no module options)

Intel(R) PRO/100 Network Driver - version 2.2.21-k1
Copyright (c) 2003 Intel Corporation

e100: selftest OK.
e100: eth0: Intel(R) PRO/100 Network Connection

e100: selftest OK.
e100: eth1: Intel(R) PRO/100 Network Connection


lspci:

00:11.0 Ethernet controller: Intel Corp. 82557/8/9 [Ethernet Pro 100] (rev 04)
00:12.0 Ethernet controller: Intel Corp. 82557/8/9 [Ethernet Pro 100] (rev 05)

-- 
/Martin

e100-decoded
Description: Text document

e100_2-decoded
Description: Text document

<Prev in Thread]	Current Thread	[Next in Thread>
Use after free in e100, Martin Josefsson <=

Previous by Date:	Re: IPv6 module oopsing on 2.5.69, YOSHIFUJI Hideaki / 吉藤英明
Next by Date:	Re: Dump of TCP hang in established state, Martin Josefsson
Previous by Thread:	Re: IPv6 module oopsing on 2.5.69, YOSHIFUJI Hideaki / 吉藤英明
Next by Thread:	[PATCH] change delete bridge to work with new unregister, Stephen Hemminger
Indexes:	[Date] [Thread] [Top] [All Lists]