lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3864f233d228b86ea89f224e39ed77b05c298e54@linux.dev>
Date: Thu, 05 Feb 2026 15:29:53 +0000
From: "Jiayuan Chen" <jiayuan.chen@...ux.dev>
To: "David Ahern" <dsahern@...nel.org>, netdev@...r.kernel.org
Cc: "Jiayuan Chen" <jiayuan.chen@...pee.com>,
 syzbot+e738404dcd14b620923c@...kaller.appspotmail.com, "David S. Miller"
 <davem@...emloft.net>, "Eric Dumazet" <edumazet@...gle.com>, "Jakub
 Kicinski" <kuba@...nel.org>, "Paolo Abeni" <pabeni@...hat.com>, "Simon
 Horman" <horms@...nel.org>, "Herbert Xu" <herbert@...dor.apana.org.au>,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH net v3] xfrm: fix ip_rt_bug race in icmp_route_lookup
 reverse path

2026/2/5 23:17, "David Ahern" <dsahern@...nel.org mailto:dsahern@...nel.org?to=%22David%20Ahern%22%20%3Cdsahern%40kernel.org%3E > 写到:


> 
> On 2/5/26 12:02 AM, Jiayuan Chen wrote:
> 
> > 
> > diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
> >  index 4abbec2f47ef..35816ac749bc 100644
> >  --- a/net/ipv4/icmp.c
> >  +++ b/net/ipv4/icmp.c
> >  @@ -554,6 +554,22 @@ static struct rtable *icmp_route_lookup(struct net *net, struct flowi4 *fl4,
> >  /* steal dst entry from skb_in, don't drop refcnt */
> >  skb_dstref_steal(skb_in);
> >  skb_dstref_restore(skb_in, orefdst);
> >  +
> >  + /*
> >  + * At this point, fl4_dec.daddr should NOT be local (we
> >  + * checked fl4_dec.saddr above). However, a race condition
> >  + * may occur if the address is added to the interface
> >  + * concurrently. In that case, ip_route_input() returns a
> >  + * LOCAL route with dst.output=ip_rt_bug, which must not
> >  + * be used for output.
> >  + */
> >  + if (!err && rt2 && rt2->rt_type == RTN_LOCAL) {
> >  + net_warn_ratelimited("detected local route for %pI4 "
> >  + "during ICMP sending, src %pI4\n",
> >  + &fl4_dec.daddr, &fl4_dec.saddr);
> > 
> per Paolo comment on the previous revision of this patch, strings should
> not be split across lines like this. It should be:
> 
> net_warn_ratelimited("detected local route for %pI4 during ICMP sending,
> src %pI4\n",


Sorry about that. I totally misunderstood Paolo's comment.

pw-bot: cr
> > 
> > + dst_release(&rt2->dst);
> >  + err = -EINVAL;
> >  + }
> >  }
> >  
> >  if (err)
> >
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ