lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <43450517-c3c5-bbcb-8d9b-cbe2a0b25542@iteg.at>
Date:   Tue, 8 Nov 2016 15:03:08 +0100
From:   Christoph Lechleitner <christoph.lechleitner@...g.at>
To:     Jens Axboe <axboe@...nel.dk>, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, drbd-dev@...ts.linbit.com,
        philipp.reisner@...bit.com, viro@...iv.linux.org.uk,
        Richard Weinberger <richard@....at>, wolfgang.glas@...g.at
Subject: Re: [PATCH] drbd: Fix kernel_sendmsg() usage

Am 2016-11-08 um 14:43 schrieb Lars Ellenberg:
> From 3a5859e696178e31a25e65de58c461046fc52beb Mon Sep 17 00:00:00 2001
> From: Richard Weinberger <richard@....at>
> Date: Tue, 8 Nov 2016 11:43:09 +0100
> Subject: [PATCH] drbd: Fix kernel_sendmsg() usage - potential NULL deref
> drbd: Fix kernel_sendmsg() usage - potential NULL deref

> Even with this error exposed, to trigger the bug, we would need to have
> an environment (config or otherwise) causing us to not use sendpage()
> for larger transfers, a flaky connection, and have it fail "just at the
> right time".  Apparently that was unlikely enough for most, so this went
> unnoticed for years.

Our drbd configuration was created some 8 years ago.
Maybe I should have read more migration tips when upgrading again and
again, sorry ;-)

But a 30cm Cat6 cable directly connecting 2 dedicated ethernet ports
should not match the term "flaky connection".

FYI:
I co-own the company that hired Richard to track down this bug, that
repeatedly (~15 times) forced us to hard-reset servers hosting tens of
virtual root servers for our customers.

Regards, Christoph Lechleitner

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ