Open Source and information security mailing list archives
Message-Id: <20241207025731.839-1-hdanton@sina.com>
Date: Sat,  7 Dec 2024 10:57:31 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+2eab87cf3100f45423ec@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] [s390?] KASAN: slab-use-after-free Read in netdev_walk_all_lower_dev

On Fri, 06 Dec 2024 07:59:25 -0800
> syzbot found the following issue on:
> 
> HEAD commit:    896d8946da97 Merge tag 'net-6.13-rc2' of git://git.kernel...
> git tree:       net
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10de5330580000

#syz test

--- x/net/smc/smc_core.c
+++ y/net/smc/smc_core.c
@@ -1893,10 +1893,22 @@ int smc_vlan_by_tcpsk(struct socket *clc
 		ini->vlan_id = vlan_dev_vlan_id(ndev);
 		goto out_rel;
 	}
+	rcu_read_lock();
+	if (ndev->reg_state == NETREG_UNREGISTERING || ndev->reg_state == NETREG_UNREGISTERED) {
+		rcu_read_unlock();
+		rc = -ENODEV;
+		goto out_rel;
+	}
+	rcu_read_unlock();
 
 	priv.data = (void *)&ini->vlan_id;
 	rtnl_lock();
-	netdev_walk_all_lower_dev(ndev, smc_vlan_by_tcpsk_walk, &priv);
+	rcu_read_lock();
+	if (ndev->reg_state == NETREG_UNREGISTERING || ndev->reg_state == NETREG_UNREGISTERED)
+		rc = -ENODEV;
+	else
+		netdev_walk_all_lower_dev(ndev, smc_vlan_by_tcpsk_walk, &priv);
+	rcu_read_unlock();
 	rtnl_unlock();
 
 out_rel:
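Review bot: The first reg_state check (the added block before `priv.data = ...`) gives no guarantee, because its result is stale as soon as rcu_read_unlock() returns and the device can start unregistering before rtnl_lock() is taken. The second check under rtnl_lock() repeats the same condition, so the first block is only an early exit and could be dropped. In both places the rcu_read_lock()/rcu_read_unlock() pair wraps a plain load of ndev->reg_state and does not stop the state from changing; if a lockless read is intended, READ_ONCE(ndev->reg_state) would express that, and inside rtnl_lock() the RCU section looks unnecessary. More importantly, both checks dereference ndev, and these lines do not show a reference keeping ndev alive at this point; if the slab-use-after-free in the subject is on ndev itself, reading ndev->reg_state hits the same freed object, so the changelog should say what pins ndev here. Style: the duplicated two-state comparison runs past 80 columns in the first check and would read better as a small helper or a local bool.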
--
