Date:	Sun, 20 Jan 2008 17:25:24 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	kaber@...sh.net
Cc:	xemul@...nvz.org, netdev@...r.kernel.org
Subject: Re: [NET]: rtnl_link: fix use-after-free

From: Patrick McHardy <kaber@...sh.net>
Date: Sun, 20 Jan 2008 18:21:27 +0100

> commit 6e470bd53fb50632fe1878bb74bb8531a21b6731
> Author: Patrick McHardy <kaber@...sh.net>
> Date:   Sun Jan 20 18:19:15 2008 +0100
> 
>     [NET]: rtnl_link: fix use-after-free
>     
>     When unregistering the rtnl_link_ops, all existing devices using
>     the ops are destroyed. With nested devices this may lead to a
>     use-after-free despite the use of for_each_netdev_safe() in case
>     the upper device is next in the device list and is destroyed
>     by the NETDEV_UNREGISTER notifier.
>     
>     The easy fix is to restart scanning the device list after removing
>     a device. Alternatively we could add new devices to the front of
>     the list to avoid having dependant devices follow the device they
>     depend on. A third option would be to only restart scanning if
>     dev->iflink of the next device matches dev->ifindex of the current
>     one. For now this seems like the safest solution.
>     
>     With this patch, the veth rtnl_link_ops unregistration can use
>     rtnl_link_unregister() directly since it now also handles destruction
>     of multiple devices at once.
>     
>     Signed-off-by: Patrick McHardy <kaber@...sh.net>

Applied, thanks.
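
The failure mode and the restart-scan fix described in the quoted commit message, as an added C model that is not part of the original thread or the kernel patch. `struct dev`, the static pool and every function name here are constructed for illustration; only `for_each_netdev_safe()`, `iflink`, `ifindex` and `NETDEV_UNREGISTER` come from the message.

```c
#include <stdio.h>
/* Constructed model, not kernel code. destroy() also tears down devices stacked
 * on the victim (the NETDEV_UNREGISTER notifier); a static pool keeps "freed" visible. */
struct dev { int ifindex, iflink, ops, alive; struct dev *next; };
static struct dev pool[8], *head;
static int npool;

static void reset_devs(void) { head = NULL; npool = 0; }

static void add_dev(int ifindex, int iflink, int ops) {
    struct dev *d = &pool[npool++], **pp = &head;
    *d = (struct dev){ ifindex, iflink, ops, 1, NULL };
    while (*pp) pp = &(*pp)->next;          /* new devices go to the tail */
    *pp = d;
}

static void destroy(struct dev *d) {
    struct dev **pp = &head, *u;
    while (*pp && *pp != d) pp = &(*pp)->next;
    if (!*pp) return;
    *pp = d->next;                          /* unlink */
    d->alive = 0;                           /* "free" */
again:                                      /* notifier: destroy upper devices */
    for (u = head; u; u = u->next)
        if (u->iflink == d->ifindex) { destroy(u); goto again; }
}

/* for_each_netdev_safe() style walk; returns 1 where the saved next was freed. */
static int unregister_safe_iter(int ops) {
    struct dev *d, *n;
    for (d = head; d; d = n) {
        n = d->next;                        /* saved before destroy() runs */
        if (d->ops == ops) destroy(d);
        if (n && !n->alive) return 1;       /* real loop would use freed memory */
    }
    return 0;
}

/* The fix from the commit message: rescan from the head after each removal. */
static int unregister_restart(int ops) {
    struct dev *d; int removed = 0;
restart:
    for (d = head; d; d = d->next)
        if (d->ops == ops) { destroy(d); removed++; goto restart; }
    return removed;
}

int main(void) {
    reset_devs(); add_dev(1, 0, 7); add_dev(2, 1, 8);
    printf("saved next freed: %d\n", unregister_safe_iter(7));
    return 0;
}
```

The saved-next walk only trips when the upper device is the immediate successor of the one being destroyed, which matches the condition the commit message names.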