| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1509571600-4858-42-git-send-email-w@1wt.eu>
Date: Wed, 1 Nov 2017 22:26:32 +0100
From: Willy Tarreau <w@....eu>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
linux@...ck-us.net
Cc: Eric Dumazet <edumazet@...gle.com>,
Solar Designer <solar@...nwall.com>,
Vasiliy Kulikov <segoon@...nwall.com>,
Lorenzo Colitti <lorenzo@...gle.com>,
"David S . Miller" <davem@...emloft.net>, Willy Tarreau <w@....eu>
Subject: [PATCH 3.10 091/139] net: ping: do not abuse udp_poll()
From: Eric Dumazet <edumazet@...gle.com>
commit 77d4b1d36926a9b8387c6b53eeba42bcaaffcea3 upstream.
Alexander reported various KASAN messages triggered in recent kernels
The problem is that ping sockets should not use udp_poll() in the first
place, and recent changes in UDP stack finally exposed this old bug.
Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Reported-by: Sasha Levin <alexander.levin@...izon.com>
Cc: Solar Designer <solar@...nwall.com>
Cc: Vasiliy Kulikov <segoon@...nwall.com>
Cc: Lorenzo Colitti <lorenzo@...gle.com>
Acked-By: Lorenzo Colitti <lorenzo@...gle.com>
Tested-By: Lorenzo Colitti <lorenzo@...gle.com>
Signed-off-by: David S. Miller <davem@...emloft.net>
[wt: removed the parts related to ping6 as 6d0bfe226116 is not in 3.10]
Signed-off-by: Willy Tarreau <w@....eu>
---
include/net/ipv6.h | 1 +
net/ipv4/af_inet.c | 2 +-
net/ipv6/raw.c | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 413e23b..1c96547c 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -822,6 +822,7 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row,
*/
extern const struct proto_ops inet6_stream_ops;
extern const struct proto_ops inet6_dgram_ops;
+extern const struct proto_ops inet6_sockraw_ops;
struct group_source_req;
struct group_filter;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 975c369..03610eb 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1053,7 +1053,7 @@ static struct inet_protosw inetsw_array[] =
.type = SOCK_DGRAM,
.protocol = IPPROTO_ICMP,
.prot = &ping_prot,
- .ops = &inet_dgram_ops,
+ .ops = &inet_sockraw_ops,
.no_check = UDP_CSUM_DEFAULT,
.flags = INET_PROTOSW_REUSE,
},
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index c7ce2be..a05e1f1 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1319,7 +1319,7 @@ void raw6_proc_exit(void)
#endif /* CONFIG_PROC_FS */
/* Same as inet6_dgram_ops, sans udp_poll. */
-static const struct proto_ops inet6_sockraw_ops = {
+const struct proto_ops inet6_sockraw_ops = {
.family = PF_INET6,
.owner = THIS_MODULE,
.release = inet6_release,
--
2.8.0.rc2.1.gbe9624a
Powered by blists - more mailing lists