Message-ID: <CAH2r5mu7Wf0n9ZmnhAAWetKRiUczHv+odYHj5bBg6a=G1y2kcQ@mail.gmail.com>
Date: Wed, 2 Apr 2025 22:19:36 -0500
From: Steve French <smfrench@...il.com>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: bharathsm@...rosoft.com, ematsumiya@...e.de, kuni1840@...il.com, 
	linux-cifs@...r.kernel.org, pc@...guebit.com, samba-technical@...ts.samba.org, 
	sprasad@...rosoft.com, tom@...pey.com, wangzhaolong1@...wei.com, 
	linux-net@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 0/2] cifs: Revert bogus fix for CVE-2024-54680 and its followup commit.

I can run some regression tests with these two patches, but it would
be very helpful if the original patch authors could comment (Wang and
Enzo), and since this apparently relies on a fix to the network stack
(the LOCKDEP fix) it would be helpful to have any opinions from the
network devs.

For a complex issue like this it is important to have at least some
Tested-by or Reviewed-by for these two, because I was having trouble
reproducing the various reported problems on Ubuntu (or our Fedora
test VMs), and the refcount issues are more complicated than they seem.
Let me know if anyone has reviewed these two patches or tested them.


On Wed, Apr 2, 2025 at 9:19 PM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
>
> From: Steve French <smfrench@...il.com>
> Date: Wed, 2 Apr 2025 20:14:03 -0500
> > might be helpful if there were eBPF tracepoints for some of this that
> > would be able to log warnings optionally if refcount issue on
> > sock_release and/or rmmod
>
> I just posted a fix and there explained that the socket and module
> refcnt discrepancy is totally fine without LOCKDEP.
>
> https://lore.kernel.org/netdev/20250403020837.51664-1-kuniyu@amazon.com/
>
> So, in this case, the helpful warning is one logged by hlock_class().
>
> As it returns NULL and triggers a null-ptr-deref, it means something went
> wrong, and I guess it was acceptable because LOCKDEP is not enabled in
> production.
>
> Btw, I posted v2 with Cc: stable tags as requested by Greg, so please
> drop this v1.
>
> https://lore.kernel.org/linux-cifs/20250402202714.6799-1-kuniyu@amazon.com/
>
> Thanks!
>
> >
> >
> > On Wed, Apr 2, 2025 at 3:03 PM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
> > >
> > > Commit e9f2517a3e18 ("smb: client: fix TCP timers deadlock after
> > > rmmod") was not only a bogus fix for the LOCKDEP issue but also
> > > introduced a real TCP socket leak.
> > >
> > > I'm working on the LOCKDEP fix on the networking side, so let's
> > > revert the commit and its followup fix.
> > >
> > > For details, please see each commit.
> > >
> > >
> > > Kuniyuki Iwashima (2):
> > >   Revert "smb: client: Fix netns refcount imbalance causing leaks and
> > >     use-after-free"
> > >   Revert "smb: client: fix TCP timers deadlock after rmmod"
> > >
> > >  fs/smb/client/connect.c | 34 +++++++++-------------------------
> > >  1 file changed, 9 insertions(+), 25 deletions(-)
> > >
> > > --
> > > 2.48.1
-- 
Thanks,

Steve