| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ed3ccac0-79ed-fe10-89eb-d403820b4c6a@grimberg.me>
Date: Tue, 30 Mar 2021 10:34:25 -0700
From: Sagi Grimberg <sagi@...mberg.me>
To: "Ewan D. Milne" <emilne@...hat.com>,
Daniel Wagner <dwagner@...e.de>
Cc: linux-nvme@...ts.infradead.org, linux-kernel@...r.kernel.org,
Jens Axboe <axboe@...com>, Hannes Reinecke <hare@...e.de>,
Keith Busch <kbusch@...nel.org>, Christoph Hellwig <hch@....de>
Subject: Re: [PATCH v2] nvme-tcp: Check if request has started before
processing it
>> It is, but in this situation, the controller is sending a second
>> completion that results in a use-after-free, which makes the
>> transport irrelevant. Unless there is some other flow (which is
>> unclear
>> to me) that causes this which is a bug that needs to be fixed rather
>> than hidden with a safeguard.
>>
>
> The kernel should not crash regardless of any network traffic that is
> sent to the system. It should not be possible to either intentionally
> of mistakenly contruct packets that will deny service in this way.
This is not specific to nvme-tcp. I can build an rdma or pci controller
that can trigger the same crash... I saw a similar patch from Hannes
implemented in the scsi level, and not the individual scsi transports..
I would also mention, that a crash is not even the scariest issue that
we can see here, because if the request happened to be reused we are
in the silent data corruption realm...
Powered by blists - more mailing lists