| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Jun 2014 05:41:02 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: dormando <dormando@...ia.net> Cc: Alexey Preobrazhensky <preobr@...gle.com>, Steffen Klassert <steffen.klassert@...unet.com>, David Miller <davem@...emloft.net>, paulmck@...ux.vnet.ibm.com, netdev@...r.kernel.org, Kostya Serebryany <kcc@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>, Lars Bull <larsbull@...gle.com>, Eric Dumazet <edumazet@...gle.com>, Bruce Curtis <brutus@...gle.com>, Maciej Żenczykowski <maze@...gle.com>, Alexei Starovoitov <alexei.starovoitov@...il.com> Subject: Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb() On Wed, 2014-06-11 at 00:38 -0700, dormando wrote: > On Wed, 11 Jun 2014, dormando wrote: > > > > --> Meant to say here that both *with* and *without* your two new patches > > it still crashes. > > > > > Unfortunately 3.14 has a few regressions.. one is some bad CPU usage i'll > > > have to track down, and two something about pstore is broken, so I can't > > > get the trace from the crash. It's compressing now and has more of the > > > kernel log, but it's missing the actual panic part. > > > > > > $ git log --oneline v3.14..v3.15 net/ipv4/route.c > > > fbdc0ad ipv4: initialise the itag variable in __mkroute_input > > > 0d5edc6 ipv4, route: pass 0 instead of LOOPBACK_IFINDEX to fib_validate_source() > > > aad8872 ipv4: add a sock pointer to dst->output() path. > > > 9114615 ipv4: return valid RTA_IIF on ip route get > > > 3ed66e9 net: replace __this_cpu_inc in route.c with raw_cpu_inc > > > 0b8c7f6 ipv4: remove ip_rt_dump from route.c > > > 4a4eb21 ipv4: remove ipv4_ifdown_dst from route.c > > > 1e8d642 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net > > > 2045cea net: remove unnecessary return's > > > > > > No more obvious race fixes. I can try 3.15 fully vanilla but I'm having > > > doubts? > > > > > > We have a few patches on top of this, but none of them are active at the > > > time of my test. I've tried removing them in the past and it did nothing > > > as well. > > > > > > Sorry :( > > > > > Spamming now! The pstore'd dmesg looked suspiciously like the boot before > I booted the crashed kernel.. checked pstore again and the crash is there > after a second reboot (wtf.. will test tomorrow). OK then we probably have another bug in UDP, which is that we call sk_dst_set(sk, dst_clone(&rt->dst)); with a dst having DST_NOCACHE set Its a problem, because sk_dst_get() cannot deal safely with such dst. Care to share your program triggering the bug ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists