lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 23 Oct 2011 21:24:41 +0000
From:	"Woodhouse, David" <david.woodhouse@...el.com>
To:	Sjur Brændeland <sjurbren@...il.com>,
	"davem@...hat.com" <davem@...hat.com>
CC:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: [non-quoted-printable PATCH] Fix caif BUG() with network namespaces

The caif code will register its own pernet_operations, and then register
a netdevice_notifier. Each time the netdevice_notifier is triggered,
it'll do some stuff... including a lookup of its own pernet stuff with
net_generic().

If the net_generic() call ever returns NULL, the caif code will BUG().
That doesn't seem *so* unreasonable, I suppose — it does seem like it
should never happen.

However, it *does* happen. When we clone a network namespace,
setup_net() runs through all the pernet_operations one at a time. It
gets to loopback before it gets to caif. And loopback_net_init()
registers a netdevice... while caif hasn't been initialised. So the caif
netdevice notifier triggers, and immediately goes BUG().

I'm not entirely sure how best to fix this in the general case. Perhaps
the netdevice_notifier registration should be pernet too, rather than
global? Or perhaps we should suppress the notifier calls during
setup_net() and flush them at the end after everything has been
initialised?

But really, I'm inclined to just take the simple approach. Make
caif_device_notify() *not* go looking for its pernet data structures if
the device it's being notified about isn't a caif device in the first
place. This simple patch is sufficient to avoid the problem, and is
probably good enough.

Cc: stable@...nel.org
Signed-off-by: David Woodhouse <David.Woodhouse@...el.com>

---
Sorry, forgot to disable signature on previous patch so it got sent as
QP. This should be better.

diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c
index 7f9ac07..47fc8f3 100644
--- a/net/caif/caif_dev.c
+++ b/net/caif/caif_dev.c
@@ -212,8 +212,7 @@ static int caif_device_notify(struct notifier_block *me, unsigned long what,
 	enum cfcnfg_phy_preference pref;
 	enum cfcnfg_phy_type phy_type;
 	struct cfcnfg *cfg;
-	struct caif_device_entry_list *caifdevs =
-	    caif_device_list(dev_net(dev));
+	struct caif_device_entry_list *caifdevs;
 
 	if (dev->type != ARPHRD_CAIF)
 		return 0;
@@ -222,6 +221,8 @@ static int caif_device_notify(struct notifier_block *me, unsigned long what,
 	if (cfg == NULL)
 		return 0;
 
+	caifdevs = caif_device_list(dev_net(dev));
+
 	switch (what) {
 	case NETDEV_REGISTER:
 		caifd = caif_device_alloc(dev);


                   Sent with MeeGo's ActiveSync support.

David Woodhouse                            Open Source Technology Centre
David.Woodhouse@...el.com                              Intel Corporation



Powered by blists - more mailing lists