| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Mar 2010 11:32:19 -0700
From: "Duyck, Alexander H" <alexander.h.duyck@...el.com>
To: David Miller <davem@...emloft.net>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>
CC: "kaber@...sh.net" <kaber@...sh.net>,
"Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>,
"Brandeburg, Jesse" <jesse.brandeburg@...el.com>,
"Allan, Bruce W" <bruce.w.allan@...el.com>,
"Waskiewicz Jr, Peter P" <peter.p.waskiewicz.jr@...el.com>,
"bugzilla-daemon@...zilla.kernel.org"
<bugzilla-daemon@...zilla.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"stivi@...y.pl" <stivi@...y.pl>
Subject: RE: [Bug 15582] New: BUG: unable to handle kernel NULL pointer
dereference at 0000000000000028
David Miller wrote:
> From: Andrew Morton <akpm@...ux-foundation.org>
> Date: Mon, 22 Mar 2010 16:14:16 -0700
>
>>
>> (switched to email. Please respond via emailed reply-to-all, not
>> via the bugzilla web interface).
>>
>> On Fri, 19 Mar 2010 12:01:10 GMT
>> bugzilla-daemon@...zilla.kernel.org wrote:
>>
>>> http://bugzilla.kernel.org/show_bug.cgi?id=15582
>>>
>>> Summary: BUG: unable to handle kernel NULL pointer
>>> dereference at 0000000000000028
>>
>> A bug in igb or the vlan code, I guess.
>
> Hmmm, should have been fixed by:
>
> commit d1c76af9e2434fac3add561e26c61b06503de986
> Author: Herbert Xu <herbert@...dor.apana.org.au>
> Date: Mon Mar 16 10:50:02 2009 -0700
>
> GRO: Move netpoll checks to correct location
>
>
> ...
>
> Nevermind, the backtrace signature is different for this
> one.
Actually I think this may be a bug in igb_receive_skb. My guess would be that promiscuous mode is somehow being enabled which is turning off the vlan filtering and as a result we are probably picking up vlan traffic when we have no vlans registered. The null pointer in that case would be adapter->vlgrp.
The patch below should address it. However I suspect it will get mangled by our email system here so I don't believe it will apply. I have also sent a copy of to Jeff to pull into his tree for testing and submission.
Thanks,
Alex
---
This change makes it so that vlan_gro_receive is only used if vlans have been
registered to the adapter structure. Previously we were just sending all vlan
tagged frames in via this function but this results in a null pointer
dereference when vlans are not registered.
Signed-off-by: Alexander Duyck <alexander.h.duyck@...el.com>
---
drivers/net/igb/igb_main.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/net/igb/igb_main.c b/drivers/net/igb/igb_main.c
index 45a0e4f..7855f71 100644
--- a/drivers/net/igb/igb_main.c
+++ b/drivers/net/igb/igb_main.c
@@ -5110,7 +5110,7 @@ static void igb_receive_skb(struct igb_q_vector *q_vector,
{
struct igb_adapter *adapter = q_vector->adapter;
- if (vlan_tag)
+ if (vlan_tag && adapter->vlgrp)
vlan_gro_receive(&q_vector->napi, adapter->vlgrp,
vlan_tag, skb);
else--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists