| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Sep 2019 17:48:25 +0800
From: Xin Long <lucien.xin@...il.com>
To: Bharath Vedartham <linux.bhar@...il.com>
Cc: davem <davem@...emloft.net>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
allison@...utok.net, tglx@...utronix.de,
network dev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Jon Maloy <jon.maloy@...csson.com>
Subject: Re: net/dst_cache.c: preemption bug in net/dst_cache.c
On Fri, Aug 23, 2019 at 3:58 PM Bharath Vedartham <linux.bhar@...il.com> wrote:
>
> Hi all,
>
> I just want to bring attention to the syzbot bug [1]
>
> Even though syzbot claims the bug to be in net/tipc, I feel it is in
> net/dst_cache.c. Please correct me if I am wrong.
>
> This bug is being triggered a lot of times by syzbot since the day it
> was reported. Also given that this is core networking code, I felt it
> was important to bring this to attention.
>
> It looks like preemption needs to be disabled before using this_cpu_ptr
> or maybe we would be better of using a get_cpu_var and put_cpu_var combo
> here.
b->media->send_msg (tipc_udp_send_msg)
-> tipc_udp_xmit() -> dst_cache_get()
send_msg() is always called under the protection of rcu_read_lock(), which
already disabled preemption. If not, there must be some unbalanced calls of
disable/enable preemption elsewhere.
Agree that this could be a serious issue, do you have any reproducer for this?
Thanks.
>
> [1] https://syzkaller.appspot.com/bug?id=dc6352b92862eb79373fe03fdf9af5928753e057
>
> Thank you
> Bharath
Powered by blists - more mailing lists