| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Apr 2010 23:52:56 -0700 (PDT) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: krkumar2@...ibm.com, netdev@...r.kernel.org, nuclearcat@...learcat.com Subject: Re: NULL pointer dereference panic in stable (2.6.33.2), amd64 From: Eric Dumazet <eric.dumazet@...il.com> Date: Mon, 12 Apr 2010 09:18:17 +0200 > [PATCH] net: dev_pick_tx() fix > > When dev_pick_tx() caches tx queue_index on a socket, we must check > socket dst_entry matches skb one, or risk a crash later, as reported by > Denys Fedorysychenko, if old packets are in flight during a route > change, involving devices with different number of queues. > > Bug introduced by commit a4ee3ce3 > (net: Use sk_tx_queue_mapping for connected sockets) > > Reported-by: Denys Fedorysychenko <nuclearcat@...learcat.com> > Signed-off-by: Eric Dumazet <eric.dumazet@...il.com> It looks like Denys is still getting crashes even with this patch applied. And I also think there is some meric to some of Krishna's analysis. To me it seems to make more sense to validate the SKB's queue against the real actual choosen device's range. The socket queue index will catch up and eventually become valid because the dst reset will invalidate the queue setting, and we'll thus recompute it as needed, as Krishna stated. So I'm tossing this patch for now since it doesn't even aparently fix the bug. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists