lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANn89iJCkHxOpE3TW8+gW8+UCVvT0mY8y8j_GJC1GK0i05dgbg@mail.gmail.com>
Date:   Tue, 22 Nov 2016 09:14:06 -0800
From:   Eric Dumazet <edumazet@...gle.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Andre Noll <maan@...bingen.mpg.de>,
        LKML <linux-kernel@...r.kernel.org>, stable@...r.kernel.org,
        Jiri Slaby <jslaby@...e.cz>, Yibin Yang <yibyang@...co.com>,
        Alexander Duyck <alexander.h.duyck@...el.com>,
        Willem de Bruijn <willemb@...gle.com>,
        Alexei Starovoitov <ast@...nel.org>,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: Linux 4.4.34

On Tue, Nov 22, 2016 at 9:06 AM, Greg KH <gregkh@...uxfoundation.org> wrote:
> On Tue, Nov 22, 2016 at 05:59:12PM +0100, Andre Noll wrote:
>> On Mon, Nov 21, 10:28, Greg KH wrote
>> > I'm announcing the release of the 4.4.34 kernel.
>> >
>> > All users of the 4.4 kernel series must upgrade.
>>
>> This update broke PXE boot on our 4-way AMD boxes. The kernel panics in
>> eth_type_trans(), presumably during kernel-level IP autoconfiguration,
>> see [1]. Bisection points me at 5c67f947 (net: __skb_flow_dissect()
>> must cap its return value). And indeed, reverting this commit fixes
>> the problem for me.
>>
>> Investigation showed that the real problem is not the change in the
>> above commit per se (i.e., capping ->thoff) but the fact that in the
>> success case, where we jump to the "out_good" label, ->thoff is now
>> set *after* ->n_proto and ->ip_proto. I fail to see how order matters
>> here, but it clearly does, since the crash is 100% reproducible,
>> and is fixed by the commit below (on top of v4.4.34).
>>
>> Please consider applying something like the patch below for mainline
>> and -stable.
>
> If this issue is also the same for Linus's tree, we should cc: netdev so
> that the patch can get into there, right?
>
> thanks,
>
> greg k-h

We definitely want to fix the real bug, not working around it.

Seems an aliasing problem, key_control and key_basic might point to
adjacent memory
and a barrier() would solve the issue as well.

Adding a test in fast path looks overkill to me.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ