Message-ID: <4D912123.2060604@pengutronix.de>
Date:	Tue, 29 Mar 2011 02:00:35 +0200
From:	Marc Kleine-Budde <mkl@...gutronix.de>
To:	David Miller <davem@...emloft.net>
CC:	Netdev@...r.kernel.org, kernel@...gutronix.de
Subject: Re: BUG: ping without route segfaults in dst_release

On 03/29/2011 01:51 AM, David Miller wrote:
> From: Marc Kleine-Budde <mkl@...gutronix.de>
> Date: Tue, 29 Mar 2011 01:18:48 +0200
> 
>> root@ptx:~ ping 130.75.1.32
>> PING 130.75.1.32 (130.75[   10.160000] Unable to handle kernel paging request at virtual address ffffffdb
> 
> Well, that was easy enough :-)

..just finished bisecting :)

FWIW:

b23dd4fe42b455af5c6e20966b7d6959fa8352ea is the first bad commit
commit b23dd4fe42b455af5c6e20966b7d6959fa8352ea
Author: David S. Miller <davem@...emloft.net>
Date:   Wed Mar 2 14:31:35 2011 -0800

    ipv4: Make output route lookup return rtable directly.

    Instead of on the stack.

    Signed-off-by: David S. Miller <davem@...emloft.net>

:040000 040000 a30b2e32bbbbed71fe97ba44b8e0ac4d8691232b 589f843359ccb53c7800e594ea5efa074413f22e M      drivers
:040000 040000 001c629e354ff875e8f2d3d7e4df2506f3396448 a55b417b1c10c3f23fafdf9fa5c6ab3c132d5223 M      include
:040000 040000 1a0100ddadb50d9e61b66d1f18f47f25a4866856 4e89411fcefcfb87f8973910a97b4776d7a3f7f1 M      net

> 
> --------------------
> ipv4: Don't ip_rt_put() an error pointer in RAW sockets.
> 
> Reported-by: Marc Kleine-Budde <mkl@...gutronix.de>
> Signed-off-by: David S. Miller <davem@...emloft.net>
> ---
>  net/ipv4/raw.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
> index e837ffd..2d3c72e 100644
> --- a/net/ipv4/raw.c
> +++ b/net/ipv4/raw.c
> @@ -569,6 +569,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
>  		rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
>  		if (IS_ERR(rt)) {
>  			err = PTR_ERR(rt);
> +			rt = NULL;

IIRC I saw another commit which looks the same, in a different file
though. Any chance there are more rt = NULL missing?
>  			goto done;
>  		}
>  	}
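Review bot: the `rt = NULL;` added inside the `if (IS_ERR(rt))` branch of raw_sendmsg() carries no comment, and the commit message has no body, so nothing says why the reset is needed before `goto done`. Going by the subject line, the code after `done` hands `rt` to ip_rt_put(). A one-line comment at the reset would make that dependency visible, as would a commit body naming b23dd4fe42b4 ("ipv4: Make output route lookup return rtable directly.") as the change the bisect points to. The fix also covers only this one caller, so the message should state whether the other callers of ip_route_output_flow() that jump to a shared cleanup label were checked, which is the question raised in the reply above.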

Marc

-- 
Pengutronix e.K.                  | Marc Kleine-Budde           |
Industrial Linux Solutions        | Phone: +49-231-2826-924     |
Vertretung West/Dortmund          | Fax:   +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686  | http://www.pengutronix.de   |
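A userspace model of the bug class discussed in this thread, added here as an illustration and not taken from the kernel or from either poster: a lookup that returns an error pointer, and a shared cleanup label that releases whatever the lookup returned. The names `route`, `route_lookup`, `route_put`, `send_one`, `reset_on_error` and `bad_puts` are hypothetical, and `-ENETUNREACH` is an assumed error value (the thread does not state which errno the lookup returned).

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-ins for the kernel's error-pointer helpers: a negative
 * errno is stored in the pointer value itself (the top 4095 addresses). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct route { int refcnt; };   /* hypothetical stand-in for struct rtable */
static struct route good_route = { 1 };
static int bad_puts;            /* releases that were handed an error pointer */

/* Model of the lookup: returns a route or an encoded errno (assumed value). */
static struct route *route_lookup(int have_route)
{
	if (!have_route)
		return ERR_PTR(-ENETUNREACH);
	good_route.refcnt++;
	return &good_route;
}

/* Model of the release. Kernel code would dereference rt here; this model
 * only counts the mistake. NULL is a no-op, which the patch relies on. */
static void route_put(struct route *rt)
{
	if (!rt)
		return;
	if (IS_ERR(rt)) { bad_puts++; return; }
	rt->refcnt--;
}

/* Send path with one shared cleanup label; reset_on_error selects the
 * patched behaviour (rt = NULL before the goto). */
static int send_one(int have_route, int reset_on_error)
{
	struct route *rt = route_lookup(have_route);
	int err = 0;
	if (IS_ERR(rt)) {
		err = (int)PTR_ERR(rt);
		if (reset_on_error)
			rt = NULL;
		goto done;
	}
done:
	route_put(rt);
	return err;
}
```

Both variants return the same errno to the caller; the difference is only what reaches the release function at `done`, which is why this kind of bug survives any test that checks return codes alone.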