| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Jan 2013 08:59:48 +0100 From: Stefan Hajnoczi <stefanha@...hat.com> To: "David S. Miller" <davem@...emloft.net> Cc: Jason Wang <jasowang@...hat.com>, "Michael S. Tsirkin" <mst@...hat.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Stefan Hajnoczi <stefanha@...hat.com> Subject: [PATCH 3.8-rc] tuntap: refuse to re-attach to different tun_struct Multiqueue tun devices support detaching a tun_file from its tun_struct and re-attaching at a later point in time. This allows users to disable a specific queue temporarily. ioctl(TUNSETIFF) allows the user to specify the network interface to attach by name. This means the user can attempt to attach to interface "B" after detaching from interface "A". The driver is not designed to support this so check we are re-attaching to the right tun_struct. Failure to do so may lead to oops. Signed-off-by: Stefan Hajnoczi <stefanha@...hat.com> --- This fix is for 3.8-rc. drivers/net/tun.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/tun.c b/drivers/net/tun.c index fbd106e..cf6da6e 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -491,6 +491,8 @@ static int tun_attach(struct tun_struct *tun, struct file *file) err = -EINVAL; if (rcu_dereference_protected(tfile->tun, lockdep_rtnl_is_held())) goto out; + if (tfile->detached && tun != tfile->detached) + goto out; err = -EBUSY; if (!(tun->flags & TUN_TAP_MQ) && tun->numqueues == 1) -- 1.8.0.2 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists