lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 Apr 2022 06:44:03 +0000
From:   "kongweibin (A)" <kongweibin2@...wei.com>
To:     Eric Dumazet <edumazet@...il.com>,
        Nicolas Dichtel <nicolas.dichtel@...nd.com>,
        Eric Dumazet <edumazet@...gle.com>
CC:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Willem de Bruijn <willemb@...gle.com>,
        Pavel Begunkov <asml.silence@...il.com>,
        David Ahern <dsahern@...nel.org>,
        Vasily Averin <vvs@...tuozzo.com>,
        Martin KaFai Lau <kafai@...com>,
        LKML <linux-kernel@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>,
        "Chenxiang (EulerOS)" <rose.chen@...wei.com>,
        liaichun <liaichun@...wei.com>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: 答复: [PATCH net] ipv6: fix panic when forwarding a pkt with no in6 dev

> kongweibin, could you test this patch with your setup?
>
> Thanks,
> Nicolas
>
>   net/ipv6/ip6_output.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 
> e23f058166af..fa63ef2bd99c 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -485,7 +485,7 @@ int ip6_forward(struct sk_buff *skb)
>   		goto drop;
>   
>   	if (!net->ipv6.devconf_all->disable_policy &&
> -	    !idev->cnf.disable_policy &&
> +	    (!idev || !idev->cnf.disable_policy) &&
>   	    !xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
>   		__IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
>   		goto drop;

I have test the patch with my setup, it is OK.



>> kongweibin reported a kernel panic in ip6_forward() when input 
>> interface has no in6 dev associated.
>>
>> The following tc commands were used to reproduce this panic:
>> tc qdisc del dev vxlan100 root
>> tc qdisc add dev vxlan100 root netem corrupt 5%
>
>Not sure I understand how these qdisc changes can trigger a NULL idev ?
>
>Do we have another bug, like skb->cb[] content being mangled ?
>

As for why qdisc makes the idev null, I tracked where the iif assigned in ip6_rcv_core,
there is no problem there.

Not sure what has changed that makes the iif value wrong.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ