lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b0a4bd8a-3b53-e187-b9e9-aa96baadd11d@oracle.com>
Date:   Mon, 18 Dec 2017 09:16:01 -0800
From:   Santosh Shilimkar <santosh.shilimkar@...cle.com>
To:     David Miller <davem@...emloft.net>
Cc:     bot+aaf54a8c644d559d34dedcf3126aac68a20c9e63@...kaller.appspotmail.com,
        linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org,
        netdev@...r.kernel.org, rds-devel@....oracle.com,
        syzkaller-bugs@...glegroups.com
Subject: Re: BUG: unable to handle kernel NULL pointer dereference in
 rds_send_xmit

On 12/18/2017 9:12 AM, David Miller wrote:
> From: Santosh Shilimkar <santosh.shilimkar@...cle.com>
> Date: Mon, 18 Dec 2017 08:28:05 -0800
> 
>> On 12/18/2017 12:43 AM, syzbot wrote:
>>> Hello,
>>> syzkaller hit the following crash on
>>> 6084b576dca2e898f5c101baef151f7bfdbb606d
>>> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>>> compiler: gcc (GCC) 7.1.1 20170620
>>> .config is attached
>>> Raw console output is attached.
>>> Unfortunately, I don't have any reproducer for this bug yet.
>>> BUG: unable to handle kernel NULL pointer dereference at
>>> 0000000000000028
>>> program syz-executor6 is using a deprecated SCSI ioctl, please convert
>>> it to SG_IO
>>> IP: rds_send_xmit+0x80/0x930 net/rds/send.c:186
>>
>> Looks like another one tripping on empty transport. Mostly below
>> should
>> address it but we will test it if it does.
>>
>> diff --git a/net/rds/send.c b/net/rds/send.c
>> index 7244d2e..e2d0eaa 100644
>> --- a/net/rds/send.c
>> +++ b/net/rds/send.c
>> @@ -183,7 +183,7 @@ int rds_send_xmit(struct rds_conn_path *cp)
>>                  goto out;
>>          }
>>
>> -       if (conn->c_trans->xmit_path_prepare)
>> +       if (conn->c_trans && conn->c_trans->xmit_path_prepare)
>>                  conn->c_trans->xmit_path_prepare(cp);
> 
> We're seeming to accumulate a lot of checks like this, maybe there
> is a more general way to deal with this problem?
> 
Agree. Some of these additional transports hooks got added later
to specific transports which needs them. Will review this overall
and see if it can be addressed generically.

Regards,
Santosh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ