lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 7 Apr 2010 22:23:39 +0200
From:	Sylvain Rochet <gradator@...dator.net>
To:	linux-kernel@...r.kernel.org
Subject: PROBLEM: 2.4.37.9 destroying an Ethernet interface with permanent NUD leaves the kernels with undestroyable interfaces when ATM is compiled in

Hi,

When ATM and Ethernet are compiled in, ATM and Ethernet create their 
NEIGH/ARP tables, they are both assigned to family AF_INET.


int neigh_add(....) {

 ...
        for (tbl=neigh_tables; tbl; tbl = tbl->next) {
                if (tbl->family != ndm->ndm_family)
                        continue;
  ...
}


As ATM table is created before Ethernet(main?) table, 
net/core/neighbour.c::neigh_add() function add all permanent IP ARP 
Ethernet NUD to the IP ATM table, which is wrong.

Therefore, when net/core/neighbour.c::neigh_ifdown() is called ARP 
entries are not cleared, leaving dev->refcnt to a value that will never 
be able to reach 0 anymore.

So, when net/core/dev.c::unregister_netdevice() is called it stalls 
without being able to destroy the interface leaving the system with no 
network tools working anymore.


This is really easy to reproduce:

openvpn --mktun --dev tap10
ip addr add 10.20.30.20/24 dev tap10
ip link set up dev tap10
ip neighbour add 10.20.30.40 lladdr 01:02:03:04:05:06 nud permanent dev tap10
ip link set down dev tap10
openvpn --rmtun --dev tap10

and then kernel log starts being filled by:

unregister_netdevice: waiting for tap10 to become free. Usage count = 2
unregister_netdevice: waiting for tap10 to become free. Usage count = 2
unregister_netdevice: waiting for tap10 to become free. Usage count = 2
unregister_netdevice: waiting for tap10 to become free. Usage count = 2


I changed the family of the ATM table to AF_ATMPVC, of course it fixes 
the issue but I guess this is the wrong way to fix that.


Best regard,
Sylvain

View attachment "wrongfamily-atm-2.5.36.6.patch" of type "text/x-diff" (675 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ