lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201120210436.scmic7ygrzviy53o@skbuf>
Date:   Fri, 20 Nov 2020 23:04:36 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Christian Eggers <ceggers@...i.de>, Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vivien Didelot <vivien.didelot@...il.com>,
        "David S . Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next v2] net: dsa: avoid potential use-after-free
 error

On Fri, Nov 20, 2020 at 12:59:21PM -0800, Jakub Kicinski wrote:
> On Fri, 20 Nov 2020 20:01:49 +0200 Vladimir Oltean wrote:
> > On Thu, Nov 19, 2020 at 12:09:06PM +0100, Christian Eggers wrote:
> > > If dsa_switch_ops::port_txtstamp() returns false, clone will be freed
> > > immediately. Shouldn't store a pointer to freed memory.
> > >
> > > Signed-off-by: Christian Eggers <ceggers@...i.de>
> > > Fixes: 146d442c2357 ("net: dsa: Keep a pointer to the skb clone for TX timestamping")
> > > ---
> >
> > IMO this is one of the cases to which the following from
> > Documentation/process/stable-kernel-rules.rst does not apply:
> >
> >  - It must fix a real bug that bothers people (not a, "This could be a
> >    problem..." type thing).
> >
> > Therefore, specifying "net-next" as the target tree here as opposed to
> > "net" is the correct choice.
>
> The commit message doesn't really explain what happens after.
>
> Is the dangling pointer ever accessed?

Nothing happens afterwards. He explained that he accessed it once while
working on his ksz9477 PTP series. There's no code affected by this in
mainline.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ