lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 May 2010 11:51:37 +0200 From: Patrick McHardy <kaber@...sh.net> To: Eric Dumazet <eric.dumazet@...il.com> CC: Ben Pfaff <blp@...ira.com>, Jamal Hadi Salim <hadi@...erus.ca>, netdev@...r.kernel.org Subject: Re: tc: RTM_GETQDISC causes kernel OOPS Eric Dumazet wrote: > Le vendredi 21 mai 2010 à 15:42 -0700, Ben Pfaff a écrit : >> Hi. While working on some library code for working with qdiscs and >> classes I came upon a kernel OOPS. Originally I came across it with a >> 2.6.26 kernel, but I can also reproduce it with unmodified v2.6.34 from >> kernel.org. >> >> At the end of this mail I'm appending both an example of the OOPS and a >> simple test program that reliably reproduces the problem for me when I >> invoke it with "lo" as argument. The program does not need to be run as >> root. >> >> After the OOPS, a lot of networking and other system functions stop >> working, so it seems to me a serious issue. >> >> The null pointer dereference that causes the OOPS is the dereference of >> the return value of qdisc_dev() in tc_fill_qdisc() in >> net/sched/sch_api.c line 1163: >> >> 1161 tcm->tcm__pad1 = 0; >> 1162 tcm->tcm__pad2 = 0; >> 1163 tcm->tcm_ifindex = qdisc_dev(q)->ifindex; >> 1164 tcm->tcm_parent = clid; >> 1165 tcm->tcm_handle = q->handle; >> >> I am pretty sure about that, because if I add "WARN_ON(!qdisc_dev(q));" >> just before line 1163 then that warning triggers. >> >> Thanks, > > Indeed, thanks for this very useful report ! > > We could add a check for TCQ_F_BUILTIN flag, or just make > qdisc_notify() checks consistent for both old and new qdisc > > What other people thinks ? We already use TCQ_F_BUILTIN in tc_qdisc_dump_ignore(), so I think it would be more consistent than checking for a handle to use it here as well. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists