| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jul 2017 11:47:20 -0600
From: David Ahern <dsahern@...il.com>
To: Cong Wang <xiyou.wangcong@...il.com>
Cc: Lawrence Brakmo <brakmo@...com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: BUG triggered in tcp_openreq_init_rwin most likely due to
13d3b1ebe2876
On 7/17/17 11:23 AM, Cong Wang wrote:
> I bet req->rsk_listener is NULL, I guess we need the following fix:
>
> diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
> index 360c082e885c..d41d40ac3efd 100644
> --- a/include/linux/bpf-cgroup.h
> +++ b/include/linux/bpf-cgroup.h
> @@ -85,7 +85,7 @@ int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
> int __ret = 0; \
> if (cgroup_bpf_enabled && (sock_ops)->sk) { \
> typeof(sk) __sk = sk_to_full_sk((sock_ops)->sk); \
> - if (sk_fullsock(__sk)) \
> + if (__sk && sk_fullsock(__sk)) \
> __ret = __cgroup_bpf_run_filter_sock_ops(__sk, \
> sock_ops, \
> BPF_CGROUP_SOCK_OPS); \
>
safe bet. I should have seen that since objdump on the address pointed to
return (1 << sk->sk_state) & ~(TCPF_TIME_WAIT | TCPF_NEW_SYN_RECV);
in sk_fullsock.
Tested-by: David Ahern <dsahern@...il.com>
Powered by blists - more mailing lists