| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Jan 2014 06:53:45 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Andre Naujoks <nautsch2@...il.com> Cc: David Miller <davem@...emloft.net>, socketcan@...tkopp.net, netdev@...r.kernel.org Subject: Re: [PATCH stable 3.11+] can: bcm: add skb destructor On Wed, 2014-01-29 at 09:47 +0100, Andre Naujoks wrote: > On 29.01.2014 08:46, schrieb David Miller: > > From: Andre Naujoks <nautsch2@...il.com> > > Date: Wed, 29 Jan 2014 08:40:03 +0100 > > > >> Even if this is a bug in the CAN BCM implementation. Your "fix" just > >> enabled a user space application to shut down any machine with a kernel > >> containing the BUG_ON patch. > > > > Rather, he detected a potential stray pointer reference to freed data > > that was caused by the CAN code which would difficult if not > > impossible to detect otherwise. > > > > That's even more dangerous, and you should be thanking him. > > "potential" is the keyword here. But its a definite kernel crash as it > is right now with a standard use case for the BCM. > > Don't get me wrong. If there are bugs in the code, they should be fixed, > but I don't think breaking a working (even if flawed) part of the kernel > is the right thing to do here. Shall I remember you this patch was suggested by David Miller, our beloved network maintainer ? Really this is quite silly, I'll tell you. I can send a patch to mark CAN as BROKEN if you want, or you can send an appropriate patch. Your resistance is futile. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists