| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201004120204.11405.nuclearcat@nuclearcat.com> Date: Mon, 12 Apr 2010 02:04:11 +0300 From: Denys Fedorysychenko <nuclearcat@...learcat.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: netdev@...r.kernel.org, Krishna Kumar <krkumar2@...ibm.com>, David Miller <davem@...emloft.net> Subject: Re: NULL pointer dereference panic in stable (2.6.33.2), amd64 > It is IMHO not safe, because route for this socket might have just > changed and we are transmitting an old packet (queued some milli seconds > before, when route was different). > > We then memorize a queue_index that might be too big for the new device > of new selected route. > > Next packet we want to transmit will take the cached value of > queue_index, correct for old device, maybe not correct for new device. Yes, it is possible, i have there RIP with 1k+ routes, changing non-stop. > > You could try to revert commit a4ee3ce3293dc931fab19beb472a8bde1295aebe > > commit a4ee3ce3293dc931fab19beb472a8bde1295aebe I will try to revert it now. But to trigger bug probably i need 1-2 days. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists