LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-25-2014, 06:31 AM   #1
kirankankipati
LQ Newbie
 
Registered: Jun 2014
Posts: 9

Rep: Reputation: Disabled
Unhappy Bug in Kernel's LZ4-HC in 64bit


Hi

I am using kernel's LZ4-HC for lossless compression for optimization of packets in TrafficSqueezer. So far LZ4-HC is working fine with 32bit kernel mode. But in 64bit machine, it is creating trouble. I did lot of debugging and finally pointed the source of the problem lies purely within LZ4-HC kernel crypto library.

I am also facing buffer overrun issues with LZ4-HC 64bit mode.

I reported to the guy who ported LZ4-HC within kernel, so far I didnt got any reply. Is there someone who are facing similar issue ?

Awaiting your help.
Thank you.
 
Old 06-27-2014, 03:50 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,954

Rep: Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434
File it as a kernel bug within the kernel system, if it exists there.
 
Old 06-27-2014, 06:08 AM   #3
kirankankipati
LQ Newbie
 
Registered: Jun 2014
Posts: 9

Original Poster
Rep: Reputation: Disabled
Hi,

Can you please let know the process of filing kernel bug please ?
 
Old 06-27-2014, 06:50 AM   #4
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,954

Rep: Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434
https://bugzilla.kernel.org/
Register and fill in an entry. They will want a reproducible way to get the bug.

If you want to partake in correspondence about it, join the Linux Kernel Mailing List and get 500-600 mails per day on kernel matters.
 
Old 06-27-2014, 07:02 AM   #5
kirankankipati
LQ Newbie
 
Registered: Jun 2014
Posts: 9

Original Poster
Rep: Reputation: Disabled
Sure I do that
Thank you.
 
Old 06-28-2014, 12:58 AM   #6
kirankankipati
LQ Newbie
 
Registered: Jun 2014
Posts: 9

Original Poster
Rep: Reputation: Disabled
Thanks again. I reported this bug in official Kernel bugzee: https://bugzilla.kernel.org/show_bug.cgi?id=79091

cheers, Kiran
 
Old 06-29-2014, 03:38 AM   #7
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,954

Rep: Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434Reputation: 2434
I had a quick look. It's your bug. The rules of this are: He writes the patch, based on the information you have to supply to him; you have to test it.

Download the source and get ready for the patch, because when the patch comes they'll want you to try it. If you're on an RHEL clone(Fedora, Centos, Sciantific Linux, RHEL, etc), do one other thing: Download the source from the distro (which will include a bundle of patches they stick onto the kernel) and make sure _they_ are not patching the same module.

I would also upload, if you can, a test packet and it's corrupted and correct output.
 
Old 06-29-2014, 03:52 AM   #8
kirankankipati
LQ Newbie
 
Registered: Jun 2014
Posts: 9

Original Poster
Rep: Reputation: Disabled
Yes looks like now they patched the 3.15.2. I was in touch with Greg and Don offline (who are doing something about it as referred in Changelogs).

Shortly I test once 3.15.2 and find weather this solves the issue.

In Phoronix there is an article published couple of days ago:
Titled: LZO & LZ4 Security Vulnerabilities Disclosed
http://www.phoronix.com/scan.php?pag...tem&px=MTczMTQ

And as well this points to mailing list:
http://www.openwall.com/lists/oss-se.../2014/06/26/25
http://www.openwall.com/lists/oss-se.../2014/06/26/20
 
Old 06-29-2014, 09:42 AM   #9
Serticall
LQ Newbie
 
Registered: Jun 2014
Posts: 1

Rep: Reputation: Disabled
This is an attempt by a security company to grab some undue fame by blowing out of proportion an already known vulnerability.
They are basically surfing on the "heartbleed" wave.
Not only was the vulnerability known way before the security firm "disclosed" it, but it was also known to be inaccessible, hence impossible to trigger an attack with it with currently known implementations.
Nonetheless, it was tracked as an issue to solve, and patched, "just in case" future implementations get outside of the secured specification format.

---------- Post added 06-29-14 at 09:42 AM ----------

For more info on it :
http://fastcompression.blogspot.fr/2...s-move-on.html
 
Old 06-29-2014, 10:06 AM   #10
kirankankipati
LQ Newbie
 
Registered: Jun 2014
Posts: 9

Original Poster
Rep: Reputation: Disabled
Serticall,

I 100% agree your point

Since even I am wondering how on earth a compression issue could relate to security issue ?

Kernel guys although classified these compression libraries/modules under cryto category. But there is nothing about security in it.

Good that you pointed out. May be sometimes they think people lack some commen sense -> and project as security vulnerability !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux compressors comparison on CentOS 6.5 x86-64: lzo vs lz4 vs gzip vs bzip2 vs lzma LXer Syndicated Linux News 0 05-30-2014 04:30 PM
[SOLVED] build 32bit-kernel on 64bit kernel system jimmyting Linux - Software 2 06-04-2012 07:58 AM
LXer: LZ4 For Btrfs Arrives While Its FSCK Remains M.I.A. LXer Syndicated Linux News 0 02-19-2012 07:41 PM
Kernel Panic in 64bit Arch Linux after Kernel Recompile: 2.6.35-rc3 jackerybakery Linux - General 3 06-16-2010 10:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration