lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Jan 2018 09:17:27 +1100
From:   Kees Cook <keescook@...omium.org>
To:     Santosh Shilimkar <santosh.shilimkar@...cle.com>
Cc:     Honggang Li <honli@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Sowmini Varadhan <sowmini.varadhan@...cle.com>,
        Steve Beattie <sbeattie@...ntu.com>,
        Andy Whitcroft <apw@...onical.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jay Fenlason <fenlason@...hat.com>,
        Network Development <netdev@...r.kernel.org>,
        linux-rdma <linux-rdma@...r.kernel.org>, rds-devel@....oracle.com
Subject: Re: [PATCH] RDS: Fix rds-ping inducing kernel panic

On Tue, Jan 23, 2018 at 4:01 AM, Santosh Shilimkar
<santosh.shilimkar@...cle.com> wrote:
> On 1/22/2018 3:24 AM, Kees Cook wrote:
>>
>> As described in: https://bugzilla.redhat.com/show_bug.cgi?id=822754
>>
>> Attempting an RDS connection from the IP address of an IPoIB interface
>> to itself causes a kernel panic due to a BUG_ON() being triggered.
>> Making the test less strict allows rds-ping to work without crashing
>> the machine.
>>
>> A local unprivileged user could use this flaw to crash the sytem.
>>
> Are you able to reproduce this issue on mainline kernel ?
> IIRC, this sjouldn't happen anymore but if you see it, please
> let me know. Will try it as well. rds-ping on self
> loopback device is often tested and used as well for
> monitoring services in production.

I don't have an RDS test setup, no. But it sounds like kernels without
this patch aren't seeing the problem.

> Am not sure if its applicable anymore. Infact the issue with
> loopback device was due to congestion update and thats been
> already addressed with commit '18fc25c94: {rds: prevent BUG_ON
> triggered on congestion update to loopback}'

That looks very much like it was fixed there. Thanks!

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ