lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <25rzouzv3bf4opsbgcbwjn3ycip5s75awl5muu5fzcibwjnv4b@4khlyuarrnl5>
Date: Tue, 6 Aug 2024 16:48:56 +0800
From: Shung-Hsi Yu <shung-hsi.yu@...e.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, cve@...nel.org
Cc: linux-kernel@...r.kernel.org
Subject: Re: CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model()

On Mon, Jul 29, 2024 at 05:53:11PM GMT, Greg Kroah-Hartman wrote:
> Description
> ===========
> 
> In the Linux kernel, the following vulnerability has been resolved:
> 
> xdp: Remove WARN() from __xdp_reg_mem_model()
> 
> syzkaller reports a warning in __xdp_reg_mem_model().
> 
> The warning occurs only if __mem_id_init_hash_table() returns an error. It
> returns the error in two cases:
> 
>   1. memory allocation fails;
>   2. rhashtable_init() fails when some fields of rhashtable_params
>      struct are not initialized properly.
> 
> The second case cannot happen since there is a static const rhashtable_params
> struct with valid fields. So, warning is only triggered when there is a
> problem with memory allocation.
> 
> Thus, there is no sense in using WARN() to handle this error and it can be
> safely removed.
[...]

The mention fix (below) simply removed a WARN_ON(1) call, so I believe
there's no security implication here.


--- a/net/core/xdp.c
+++ b/net/core/xdp.c
@@ -295,10 +295,8 @@ static struct xdp_mem_allocator *__xdp_reg_mem_model(struct xdp_mem_info *mem,
 		mutex_lock(&mem_id_lock);
 		ret = __mem_id_init_hash_table();
 		mutex_unlock(&mem_id_lock);
-		if (ret < 0) {
-			WARN_ON(1);
+		if (ret < 0)
 			return ERR_PTR(ret);
-		}
 	}
 
 	xdp_alloc = kzalloc(sizeof(*xdp_alloc), gfp);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ