Message-ID: <CADvbK_eRDP=zK7cTFDBmOe1_+-Q57Daet7V1OUY9FPaENDY3VA@mail.gmail.com>
Date:   Sat, 2 Nov 2019 01:58:33 +0800
From:   Xin Long <lucien.xin@...il.com>
To:     Sasha Levin <sashal@...nel.org>
Cc:     "Rantala, Tommi T. (Nokia - FI/Espoo)" <tommi.t.rantala@...ia.com>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "syzbot+d44f7bbebdea49dbc84a@...kaller.appspotmail.com" 
        <syzbot+d44f7bbebdea49dbc84a@...kaller.appspotmail.com>,
        "marcelo.leitner@...il.com" <marcelo.leitner@...il.com>
Subject: Re: [PATCH 4.14 024/119] sctp: change sctp_prot .no_autobind with true

On Thu, Oct 31, 2019 at 8:10 PM Sasha Levin <sashal@...nel.org> wrote:
>
> On Thu, Oct 31, 2019 at 05:14:15PM +0800, Xin Long wrote:
> >On Thu, Oct 31, 2019 at 3:54 PM Rantala, Tommi T. (Nokia - FI/Espoo)
> ><tommi.t.rantala@...ia.com> wrote:
> >>
> >> On Sun, 2019-10-27 at 22:00 +0100, Greg Kroah-Hartman wrote:
> >> > From: Xin Long <lucien.xin@...il.com>
> >> >
> >> > [ Upstream commit 63dfb7938b13fa2c2fbcb45f34d065769eb09414 ]
> >> >
> >> > syzbot reported a memory leak:
> >> >
> >> >   BUG: memory leak, unreferenced object 0xffff888120b3d380 (size 64):
> >> >   backtrace:
> >> >
> >> >     [...] slab_alloc mm/slab.c:3319 [inline]
> >> >     [...] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3483
> >> >     [...] sctp_bucket_create net/sctp/socket.c:8523 [inline]
> >> >     [...] sctp_get_port_local+0x189/0x5a0 net/sctp/socket.c:8270
> >> >     [...] sctp_do_bind+0xcc/0x200 net/sctp/socket.c:402
> >> >     [...] sctp_bindx_add+0x4b/0xd0 net/sctp/socket.c:497
> >> >     [...] sctp_setsockopt_bindx+0x156/0x1b0 net/sctp/socket.c:1022
> >> >     [...] sctp_setsockopt net/sctp/socket.c:4641 [inline]
> >> >     [...] sctp_setsockopt+0xaea/0x2dc0 net/sctp/socket.c:4611
> >> >     [...] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3147
> >> >     [...] __sys_setsockopt+0x10f/0x220 net/socket.c:2084
> >> >     [...] __do_sys_setsockopt net/socket.c:2100 [inline]
> >> >
> >> > It was caused by when sending msgs without binding a port, in the path:
> >> > inet_sendmsg() -> inet_send_prepare() -> inet_autobind() ->
> >> > .get_port/sctp_get_port(), sp->bind_hash will be set while bp->port is
> >> > not. Later when binding another port by sctp_setsockopt_bindx(), a new
> >> > bucket will be created as bp->port is not set.
> >> >
> >> > sctp's autobind is supposed to call sctp_autobind() where it does all
> >> > things including setting bp->port. Since sctp_autobind() is called in
> >> > sctp_sendmsg() if the sk is not yet bound, it should have skipped the
> >> > auto bind.
> >> >
> >> > This patch is to avoid calling inet_autobind() in inet_send_prepare()
> >> > by changing sctp_prot .no_autobind with true, also remove the unused
> >> > .get_port.
> >>
> >> Hi,
> >>
> >> I'm seeing SCTP oops in 4.14.151, reproducible easily with iperf:
> >>
> >> # iperf3 -s -1 &
> >> # iperf3 -c localhost --sctp
> >>
> >> This patch was also included in 4.19.81, but there it seems to be working
> >> fine.
> >>
> >> Any ideas if this patch is valid for 4.14, or what's missing in 4.14 to
> >> make this work?
> >pls get this commit into 4.14, which has been in 4.19:
> >
> >commit 644fbdeacf1d3edd366e44b8ba214de9d1dd66a9
> >Author: Xin Long <lucien.xin@...il.com>
> >Date:   Sun May 20 16:39:10 2018 +0800
> >
> >    sctp: fix the issue that flags are ignored when using kernel_connect
>
> Care to send a backport?
Sure, I haven't yet sent a backport for 4.14.y.
After I do the cherry-pick, what's the next step? Post it upstream
with CCing someone?

>
> --
> Thanks,
> Sasha
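
Added example, not part of the thread and not kernel code: a userspace model of the state mismatch the quoted commit message describes, where .get_port sets sp->bind_hash without setting bp->port and a later bindx creates a second bucket. The struct and function names, the port numbers, and the rule that the bind path refuses a second, different port are assumptions made for the model.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model: bind_hash/bp_port stand for sp->bind_hash/bp->port. */
struct bucket { unsigned short port; int in_use; };
struct sock_model { struct bucket *bind_hash; unsigned short bp_port; };
static struct bucket pool[4];   /* stands in for the bucket slab cache */
static int used;

/* Models .get_port: create a bucket and point bind_hash at it. */
static void get_port(struct sock_model *sk, unsigned short port)
{
    struct bucket *pp = &pool[used++];
    pp->port = port;
    pp->in_use = 1;
    sk->bind_hash = pp;         /* any earlier bucket pointer is lost here */
}

/* Models the bind path; refusing a second, different port is an assumption. */
static int do_bind(struct sock_model *sk, unsigned short port)
{
    if (sk->bp_port)
        return sk->bp_port == port ? 0 : -1;
    get_port(sk, port);
    sk->bp_port = port;
    return 0;
}

/* Buckets still allocated after the socket frees the one it can reach. */
int leaked_buckets(int via_inet_autobind)
{
    struct sock_model sk = {0};
    int n = 0;
    memset(pool, 0, sizeof(pool));
    used = 0;
    if (via_inet_autobind)
        get_port(&sk, 40000);   /* bind_hash set, bp_port left unset */
    else
        do_bind(&sk, 40000);    /* sctp_autobind(): both are set */
    do_bind(&sk, 5000);         /* later bindx to another port */
    sk.bind_hash->in_use = 0;   /* release frees only the reachable bucket */
    for (int i = 0; i < 4; i++)
        n += pool[i].in_use;
    return n;
}

int main(void)
{
    printf("leaked: inet_autobind=%d sctp_autobind=%d\n", leaked_buckets(1), leaked_buckets(0));
    return 0;
}
```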
