lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 01 Sep 2014 20:12:56 -0500
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Harish Jenny K N <harish_kandiga@...tor.com>
Cc:	<davem@...emloft.net>, <dborkman@...hat.com>, <tgraf@...g.ch>,
	<darkjames-ws@...kjames.pl>, <rgb@...hat.com>,
	<eric.dumazet@...il.com>, <stephen@...workplumber.org>,
	<netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH]     netlink: Safer deletion of sk_bind_node

Harish Jenny K N writes:

> From: Harish Jenny K N <harish_kandiga@...tor.com>
>
>     Unable to handle kernel NULL pointer dereference at virtual address 00000000
>         (netlink_release+0x0/0x2a0) from [<8034e78c>] (sock_release+0x28/0xa4)
>         (sock_release+0x0/0xa4) from [<8034e830>] (sock_close+0x28/0x34)
>         (sock_close+0x0/0x34) from [<800f3490>] (__fput+0xf0/0x1ec)
>         (__fput+0x0/0x1ec) from [<800f3634>] (____fput+0x10/0x14)
>         (____fput+0x0/0x14) from [<80040a64>] (task_work_run+0xb8/0xd8)
>         (task_work_run+0x0/0xd8) from [<800113a0>] (do_work_pending+0xb0/0xc4)
>         (do_work_pending+0x0/0xc4) from [<8000d960>] (work_pending+0xc/0x20)
>     Call flow of the inline and static functions
>         netlink_release
>         -----netlink_remove
>         ---------__sk_del_bind_node
>         --------------__hlist_del

Is there any reason __sk_del_bind_node should not be changed instead?

If not there should be a description of what makes netlink's use of
__sk_del_bind_node special....

Eric

p.s. Your name was in your from line, but not your email address making
it hard to reply to you.

> Signed-off-by: Harish Jenny K N <harish_kandiga@...tor.com>
> ---
>  net/netlink/af_netlink.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
> index c416725..21a6b32 100644
> --- a/net/netlink/af_netlink.c
> +++ b/net/netlink/af_netlink.c
> @@ -1103,7 +1103,7 @@ static void netlink_remove(struct sock *sk)
>  
>  	netlink_table_grab();
>  	if (nlk_sk(sk)->subscriptions)
> -		__sk_del_bind_node(sk);
> +		hlist_del_init(&sk->sk_bind_node);
>  	netlink_table_ungrab();
>  }
>  
> @@ -1382,7 +1382,7 @@ netlink_update_subscriptions(struct sock *sk, unsigned int subscriptions)
>  	struct netlink_sock *nlk = nlk_sk(sk);
>  
>  	if (nlk->subscriptions && !subscriptions)
> -		__sk_del_bind_node(sk);
> +		hlist_del_init(&sk->sk_bind_node);
>  	else if (!nlk->subscriptions && subscriptions)
>  		sk_add_bind_node(sk, &nl_table[sk->sk_protocol].mc_list);
>  	nlk->subscriptions = subscriptions;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists